Demonslay335
-
Content Count
68 -
Joined
-
Last visited
-
Days Won
6
Recent Profile Visitors
-
Hello
Pl help and reply
-
Hello Demonslay335
Did you find the solution of nelasod. It has been reportd to you by Mr. Amigo-A
Thanks
-
-
@broniusr I've fixed that now. Please try re-downloading for v1.0.0.1.
-
Hello, please support
[*] ID: s9KkuHGOgdCYV8Rim63CFMrxZFXlO0mp7S0wmKbd (.mtogas )
[*] MACs: 64:80:99:7D:56:9D, 64:80:99:7D:56:9C, F0:1F:AF:66:3B:0C
Is there a solution to this problem? Even after a while!!!!!!
Do I wait and leave the encrypted files as they are?
-
My computer was infected by nelasod ransomware and my case was forwarded to you by Amigo-A (Emsisoft) . Did you find any solution? Sir i will be grateful if you consider my case.
Regards
Tahir
Following are my ID and Mac. The ransom note is also attached
[+] Loaded 67 offline keys
Please archive the following info in case of future decryption:
[*] ID: PiZTrTjGj2ERDjqCNEDpJWJfZwuWtP8FHxJeXuSa
[*] ID: 4SsNNoDBzRHoERsNCDJXFi0OetZhqz2yruT2Ltt1
[*] MACs: A0:B3:CC:48:0B:46, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8E
This info has also been logged to STOPDecrypter-log.txt+] Loaded 77 offline keys
Please archive the following info in case of future decryption:
[*] ID: PiZTrTjGj2ERDjqCNEDpJWJfZwuWtP8FHxJeXuSa
[*] ID: 4SsNNoDBzRHoERsNCDJXFi0OetZhqz2yruT2Ltt1
[*] MACs: A0:B3:CC:48:0B:46, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8F, 84:A6:C8:2E:4D:8E
This info has also been logged to STOPDecrypter-log.txt
Selected directory: F:\
Selected directory: E:\
-
@broniusr The decryptor has been updated, please try downloading it again. If you run it from the same directory as before, it should pickup the key file from the previous session, and you won't have to re-bruteforce it. Thanks for reporting the bug.
-
You were encrypted more recently than we have keys for, that's why you get that message. Nothing we can do at the present time. -
@broniusr You are correct, the malware encrypts up to 0x27100 bytes of the file, and I forgot to test bait files smaller than that limit. I'll post here once the decryptor has been updated to factor for that bug in the malware. Every version of this malware family has had at least one such bug relating to the crypto, so annoying...
-
Not yet, but decryption of 3.0 is coming soon. The idiot who coded it has an annoying bug that corrupts many files that we have to overcome.
-
Files encrypted by .TODAR and .LAPOI
Demonslay335 replied to Swarnav's topic in Help, my files are encrypted!
Please upload this file to VirusTotal and provide a link here. C:\Users\dasba\AppData\Local\a8402009-cadb-4977-b8d8-209fe362c63a\2.exe -
My files got encrypted by .TODAR and .LAPOI extension.
After running the STOP Decrypter the following message was shown:
[+] Loaded 59 offline keys
Please archive the following info in case of future decryption:
[*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw
[*] ID: mneaFv6qsoloG3BSRWuiOULjQBJDJLQHrQuadMpl
[*] ID: ZivCxija0GBwtwtwD0q4JRy80spT6lUyybPYhot1
[*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
This info has also been logged to STOPDecrypter-log.txt
Selected directory: C:\Users\dasba\OneDrive\Desktop\New folder
Starting decryption...[+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-03-09-57-02-734.jpg.todar
[-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )[+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-03-11-00-06-25-558.jpg.todar
[-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )[+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-06-20-14-40-29-599.jpg.todar
[-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )[+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-34-29-971.jpg.todar
[-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )[+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-07-15-39-33-310.jpg.todar
[-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )[+] File: C:\Users\dasba\OneDrive\Desktop\New folder\2018-07-10-15-49-11-156.jpg.todar
[-] No key for ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )Decrypted 0 files!
Skipped 6 files.[!] No keys were found for the following IDs:
[*] ID: lmh5CF4FsVtOlzi0SCFLvW3n6HhzlmgiVu1inkyw (.todar )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 4C:ED:FB:11:77:1B, 88:78:73:9E:5D:82, 8A:78:73:9E:5D:81, 88:78:73:9E:5D:81
This info has also been logged to STOPDecrypter-log.txtPlease Help me.
Also added the ransomware note.
-
Decrypter for variation of GlobeImposter 2.0
Demonslay335 replied to Andre M's topic in Help, my files are encrypted!
Yep, as I suspected. The files are corrupted. What's going on is the MP3 format is likely a little bit tolerant of some data loss. GlobeImposter 2.0 does not encrypt the whole file, only like the first few MB I believe. If you were to simply remove the ".DOCM" extension from the file, you would get the exact same result. GetCrypt Ransomware uses a random 4-character uppercase extension, so that's the only reason the decrypter is fooled into "accepting" your file pair. Due to the way I am breaking that ransomware, the tool also cannot actually verify whether the decryption was successful, it just has to blindly throw the crypto at the file. -
Decrypter for variation of GlobeImposter 2.0
Demonslay335 replied to Andre M's topic in Help, my files are encrypted!
Mind sharing some of these encrypted MP3s that are supposedly "decrypted"? I have an idea as to what is going on, and it's not actually decryption... -
Files encrypted with extension .cheetah
Demonslay335 replied to Amadeus Nevohteeb's topic in Help, my files are encrypted!
If you can find a file "bginfo.png" on the system in the same folder as the executable, there might be a chance. Otherwise, so far it does not look like it can be decrypted without that file at the current time. -
Basilisque Locker Ransomware
Demonslay335 replied to sanchomdv's topic in Help, my files are encrypted!
We will really need the executable or commands used to encrypt the files in order to analyze it any more. By the way, the filepair you provided are not the same file before/after the encryption. The encrypted file's filename decodes to "rollup.png". It's just simple base64 encoding on the name. -
my files are encrypted ransomware hacker and convert all my file format to extension (.delle) please help me how my data decrypt (.delle)
dentified by
- ransomnote_email: [email protected]
- sample_extension: .dalle
- sample_bytes: [0x374DB - 0x374F5] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
Decrypted 115 files!
Skipped 82224 files.[!] No keys were found for the following IDs:
[*] ID: onoONoeRoRiIIL9NhEJ9kd4eugwAgOoMDxlonc5F (.dalle )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:FF:47:9B:63:3F, 00:FF:FA:3C:1F:43, 60:6C:66:2D:C5:8F, 20:89:84:46:B8:3D, 00:50:56:C0:00:01, 00:50:56:C0:00:08
This info has also been logged to STOPDecrypter-log.txt
Decrypted 50 files!
Skipped 26548 files.
[!] No keys were found for the following IDs:
[*] ID: onoONoeRoRiIIL9NhEJ9kd4eugwAgOoMDxlonc5F (.dalle )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:FF:47:9B:63:3F, 00:FF:FA:3C:1F:43, 60:6C:66:2D:C5:8F, 20:89:84:46:B8:3D, 00:50:56:C0:00:01, 00:50:56:C0:00:08
This info has also been logged to STOPDecrypter-log.txt
