Abhijit

Cry9 - Invalid CRYPTON file pair

Recommended Posts

My machine is infected and all data files are renamed to ".fgb45ft3pqamyji7.onion.to._"

I tried the decrypt_Cry9.exe with original and encrypted file, it gives an error that the file size difference is not 68 bytes (in my case the difference is 32 bytes)

Any help possible? Attached are the two sample files (original and encrypted) and the ransom note.

Thanks

_DECRYPT_MY_FILES.txt

jquery-1.4.1.js

jquery-1.4.1.js.fgb45ft3pqamyji7.onion.to._

  • Like 1

Share this post


Link to post
Share on other sites

Hi all,

They are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password.

We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill.

Regards,

Sarah

Share this post


Link to post
Share on other sites

I've also been hit by the Cry9 ransomware. It seems that's the one doing the most damage as of late.

I've tried Fabian's Cry9 decrypter but unfortunately didn't have much success with it. I got the same error as the users above: "Encrypted file needs to be exactly 68 bytes bigger". The byte size difference is 36.

Hoping Fabian can come up with a solution!

Share this post


Link to post
Share on other sites
1 hour ago, Geng said:

I've also been hit by the Cry9 ransomware. It seems that's the one doing the most damage as of late.

I've tried Fabian's Cry9 decrypter but unfortunately didn't have much success with it. I got the same error as the users above: "Encrypted file needs to be exactly 68 bytes bigger". The byte size difference is 36.

Hoping Fabian can come up with a solution!

Geng, the cry9 decrypter won't work, it'll be a slightly different algorithm used to encrypt the files. We can but wait for the new decrypter. 

Sarah, we all very much appreciate your guys' efforts to provide this software for free :) Starting to very much like emsisoft! 

Share this post


Link to post
Share on other sites

Hi guys.  I think I'm having same problem it seems.  Been trying to just identify which ransomware I have has been a pain.  But it seems I have the same thing as you guys.  Same extension, with 36 byte difference in files.

I'm a bit caught up on ransomware history now thanks to this.  So thank you guys for actually trying to help the masses with this.  I really do appreciate it.

DInput0.dll.id_1780981394_fgb45ft3pqamyji7.onion

DInput0.dll

-DECRYPT-MY-FILES.txt

  • Downvote 1

Share this post


Link to post
Share on other sites
On 4/27/2017 at 2:06 PM, Sarah W said:

Hi all,

They are hacking in via insecure RDP configuration. Make sure if you continue to use RDP that you set a strong password.

We are looking into it and hopefully will have something for you in terms of decryption, though it may take a while since the member who does the decryption is ill.

Regards,

Sarah

Hi Sarah. I don't mean to rush but do you have an estimate as to when Fabian will be able to roll out the new version of the decrypter?

Share this post


Link to post
Share on other sites

Same here, got hit last night.  It looks like the same encryption with 36 byte difference in files.  It would be TREMENDOUS if you can produce a decryprter for this one! Thanks a bunch!!

 

 

_DECRYPT_MY_FILES.txt

FileZilla_3.16.0_win64-setup.exe

FileZilla_3.14.1_win64-setup.exe.id_1914190023_gebdp3k7bolalnd4.onion._

hdtunepro_560_trial.exe

hdtunepro_560_trial.exe.id_1914190023_gebdp3k7bolalnd4.onion._

Share this post


Link to post
Share on other sites

I really feel for you guys.  But it's actually a big relief knowing I wasn't the only one with my own one of a kind, unique problem that no one has ever said anything about :P

If you guys are in immediate need of a little relief, I've been in Safe Mode using Easus Data Recovery Wizard.  You end up finding stuff under your "Lost Files" folders.

 

Share this post


Link to post
Share on other sites

Hello,

Hit sometime last night or this morning, likeliest vector is RDP (though I use strong passwords >:( ). It appears to be the same flavor as bruticus0's given the filenames. Encrypted files have .onion extensions and are 36 bytes larger than the original file. The attached example is an ASCII file, but I can provide a binary if needed. Please note that I got the original by downloading a previous version that was maintained by Google drive. Google drive had named the file "mc-generated_tgp1_tbp1_tsr0.667_tmc9_trainset.txt.unified.desc.id_1726307421_fgb45ft3pqamyji7.onion.desc" which wasn't the original name and so I renamed it to what you see attached. Hopefully that doesn't mess anything up for your analysis.

I believe people are dubbing this one Cry128? I caught the trojan in the act and turned off the machine, so I'll likely be able to provide the virus files tomorrow. Where should I submit those?

I've tried the Cry9 and CryptOn decryptors and neither worked. The former complained about the 68 bytes as others have posted, the latter gave a popup saying I need to drag both files at the same time (but I definitely did).

More info... ransom notes are -DECRYPT-MY-FILES.txt and are *not* in every directory. Possibly because like I said I caught it "mid-stream". They make no mention of the culprit (e.g. citing the nemesis decryptor), however I safely visited the url given in the note and it said clearly at the top, "NEMESIS Ransomware".

Also, in some threads I've been reading, some people have noted no size difference. I've checked several of my files by removing the new extension to bring it back to its original file name, and several of the files were still accessible, i.e. not encrypted. Perhaps if you're seeing no file size difference you should try the same. For me, the files that were apparently unencrypted still had the extra 36 bytes though. I can provide these kinds of files too if desired.

Along with the virus exe and supporting files, I will be looking for new/altered user accounts, altered local/group security policies, and checking logs for port accesses and anything else that stands out. Let me know if I should look for anything else. And definitely let me know whatever I can do to help this effort. I'm reposting this on bleepingcomputer.com forum now - https://www.bleepingcomputer.com/forums/t/636865/nemesis-ransomware-support-help-topic/page-4

Many thanks to everyone spending their well-earned free time on cracking down on these <expletive deleted>.

 

-DECRYPT-MY-FILES.txt

mc-generated_tgp1_tbp1_tsr0.667_tmc9_trainset.txt.unified.desc

mc-generated_tgp1_tbp1_tsr0.667_tmc9_trainset.txt.unified.desc.id_1726307421_fgb45ft3pqamyji7.onion

  • Upvote 1

Share this post


Link to post
Share on other sites

I'm not at all sure where to send the malware part on here.  But these guys and other techs also post on Bleeping Computer.  They have a thread similar to this, although it is being spammed and bombarded by trolls last I checked.  They have a submission form Here .  You might have to sign up and make a topic first, since it asks for a topic reference.

Share this post


Link to post
Share on other sites

Hi guys,

I got the same probleme, My machine is infected. I got some txt file on my desc name "", describing the pirates ranson:

-->Your personal files encryption produced on this computer: photos, videos, documents, etc.
-->Encryption was produced using a unique public key RSA-2048 generated for this computer.................

All files on my pc are infected as i cannot open any of them doc, xlsx,  pdf, img........ But the kept the original name and extenssion, For pdf files for example, Acrobat is telleing that the document is damaged

I m looking for away to recover my files, There is another point, all damaged / encrypted files have the same size as safe ones.

Looking for a help.

Many thanks

Share this post


Link to post
Share on other sites

I'm not sure which ransomware the RSA-2048 is.  But at the sticky at the top of this forum here, you will see at the bottom, there is a Ransom ID site mentioned.  I would go there and see what they tell you.  You just gotta upload files and ransom note to see. 

The people here are having trouble with a Cry9 variant that is 36 bytes difference between original and encrypted.  So none of us on this topic have your problem.  Maybe search one for another thread mentioning the RSA number?  All your ransomware decryptors will need a file pair.  An original untouched file, and the encrypted file.  If you recently downloaded a program, download it again to get an original file, and pair it with its encrypted counterpart to use with a decryptor.  Anyway, good Luck.

Share this post


Link to post
Share on other sites

Thanks for the heads up.  I'm using it at the moment.  Will post back if it works.  

My files are actually different than mentioned in the tool page.  I have plain old .onion on the end of mine.  But the decryptor is actually running and attempting to bruteforce the key.  So we'll see.  Fingers crossed.

Share this post


Link to post
Share on other sites
11 minutes ago, bruticus0 said:

Thanks for the heads up.  I'm using it at the moment.  Will post back if it works.  

My files are actually different than mentioned in the tool page.  I have plain old .onion on the end of mine.  But the decryptor is actually running and attempting to bruteforce the key.  So we'll see.  Fingers crossed.

Have you uploaded a ransom note and encrypted file to ID Ransomware? It will be able to identify what ransomware you are dealing with. Probably the latest Dharma unfortunately. Cry128 typically has ".onion.to._" as shown in the blog.

Share this post


Link to post
Share on other sites

Turns out the the decryptor did not work, but it did actually run.

Yes I uploaded the stuff to Ransom ID, and it said I had Cry9 and it was decryptable.  But the Cry9 decryptor doesn't work because we have 36 bytes difference between encrypted and original.  

Ganymede, Carlos, and me all have "*.onion" at the end of ours.  So I am guessing this thread is a bit of a jumble.  Could you or Sarah tell us that are having trouble, whether not this is something being worked on or possible to be worked on?  

Thanks for your time.

 

-DECRYPT-MY-FILES.txt

04 Monokuma Overdrive.mp3.id_1780981394_fgb45ft3pqamyji7.onion

04 Monokuma Overdrive.mp3

As you can see, we have almost the same thing.  Instead of ".fgb45ft3pqamyji7.onion.to._", we have ".fgb45ft3pqamyji7.onion"  You think it would be better to just make a new topic with this ransomware then?  If this is the case, we are back to square one trying to find out what exactly affected us.  Any ideas?  Also, if you use their page to contact them, they do mention "Nemesis" on it.

  • Upvote 1

Share this post


Link to post
Share on other sites

I've confirmed the Cry128 decryptor does not work for me either. I tried on 3 sets of files (exe, pdf, and txt) and they all attempted to crack it, but then gave that pop up saying it couldn't be found.

I found 3 malicious executables on my machine, but unfortunately I don't think any of them are the actual virus we're dealing with... I think the criminal just put them on the machine. Going through Windows event logs, the actual executable doing the damage was being run through a windows service "Workstationt" and it was running c:\windows\fonts\winlogon.exe -- and this is the file I failed to retrieve. Just before the exe was wiped (by me doing a system restore... and I'm kicking myself for being so hasty about it), Malwarebytes detected winlogon.exe as RiskWare.HeuristicsReservedWordExploit. I can still provide the other 3 executables if you think they will help, though I don't want to give anyone a red herring.

Share this post


Link to post
Share on other sites

I have the same issue with my files renamed *_gebdp3k7bolalnd4.onion.  So far i cannot find the malicious exe file.  Mcafee and Malware bytes so far have come up with no threats.

I checked the Mcafee Endpoint Security Logs and somehow the attack appeard to disable on-access scanning.  The firewall event monitor also picked up the ports in the attached.  So this should help folks identify one method this is getting in and disabling all Mcafee tools so that it can run.

FirewallEventMonitor.log

EndpointSecurityPlatform_Activity.log

OnDemandScan_Activity.log

ThreatPrevention_Activity.log

Share this post


Link to post
Share on other sites

Hey Ganymedeh and everyone.  I think I have good news.

 

Before i did my format, I recovered my Program Files and Users folders.  Now, these files had their encrypted counterparts side by side when I recovered them.  In my Program Files x86\Malwarebytes folder, I found a "Chameleon" folder that had a bunch of *.exe that read "mab-killer.exe" and such.  Turns out "winlogon.exe" is in there too.  I rar'd the whole chameleon folder and uploaded it to bleepingcomputer.  Also upped it to rapidgator if anyone here has need of it rapidgator

There's an svhost.exe, rundll32.exe, iexplore.exe, several firefox and mbam exes too.

Sorry guys.  Looks like it was legit files :P  My bad for not looking better.

Share this post


Link to post
Share on other sites

Same deal as the users above, the newest decrypter didn't work unfortunately. It attempted to brute force but was not successful. Our file byte size difference is 36 bytes.

Share this post


Link to post
Share on other sites

Just to add insult to injury, their encryptor is buggy and deleted a large SQL database file instead of encrypting it. I can't decrypt files (same issue as previous posters) so it's probably irrelevant.

Share this post


Link to post
Share on other sites

I've noticed a lot of *.zip files can just be renamed and recovered.  Very few *.rar files can.  But about all my old *.iso PS2 games can be renamed and recovered.  If you have any files of similar types like that, you could try the rename trick and see.  Also some *.rtf files, if renamed, can give a partial  recovery.  Some of mine had the top half encrypted, but the bottom half was readable.  So I'm not even sure if files like that that are "half" encrypted can even be restored.

Also, I had one Restore Point left when I was hit.  Doing it did no good to the files or OS, but when scanned with EaseUS Data Recovery, it did turn up results.  The deep scan showed the original files alongside the encrypted ones.  Had to meticulously go through and tick each and every file I wanted to keep, but it was worth it.

Share this post


Link to post
Share on other sites

We have files that work like this ".id_<id>_2irbar3mjvbap6gt.onion.to._" 

I have downloaded Emsisoft Decrypter for Cry128 version 1.0.0.54 does not find a key for these 36-byte different sized files.

Tried and failed with several pairs

Attached are tried and failed pairs

GS001.jpg
Download Image

GS001.jpg.id_2138335619_2irbar3mjvbap6gt.onion.to._

jetty-resized.jpg
Download Image

jetty-resized.jpg.id_2138335619_2irbar3mjvbap6gt.onion.to._

Jobhopper.pdf

Jobhopper.pdf.id_2138335619_2irbar3mjvbap6gt.onion.to._

jquery-ui.js

jquery-ui.js.id_2138335619_2irbar3mjvbap6gt.onion.to._

_DECRYPT_MY_FILES.txt

Share this post


Link to post
Share on other sites
7 hours ago, bruticus0 said:

I've noticed a lot of *.zip files can just be renamed and recovered.  Very few *.rar files can.  But about all my old *.iso PS2 games can be renamed and recovered.  If you have any files of similar types like that, you could try the rename trick and see.  Also some *.rtf files, if renamed, can give a partial  recovery.  Some of mine had the top half encrypted, but the bottom half was readable.  So I'm not even sure if files like that that are "half" encrypted can even be restored.

Also, I had one Restore Point left when I was hit.  Doing it did no good to the files or OS, but when scanned with EaseUS Data Recovery, it did turn up results.  The deep scan showed the original files alongside the encrypted ones.  Had to meticulously go through and tick each and every file I wanted to keep, but it was worth it.

yeah I noticed that some of my picture files (jpg & png) were renamed yet unencrypted too. I wasn't sure if it had to do with the extension or if maybe the virus renamed everything first and then went to encrypting. I would love to try renaming my files back en masse, but I literally have millions of files and I don't want to rename the ones that are actually encrypted because the decrypter won't recognize them then.

Share this post


Link to post
Share on other sites

The first 10k characters or so are encrypted and the rest of the file is left alone.

Then an additional 36 characters are added to the end of the file which will be part of the key (probably for the decryptor you don't get when you pay lol).

However, I really WOULD NOT rename your files unless you back them all up or you'll end up in a real mess.


Looking at the logs, one IP had been hitting us every 3 or 4 seconds for over 6 months so it took over 5 million attempts to guess the password.

I am usually switched on and notice these things but I have been so busy it got overlooked. I have blocked some IP's now and changed the password length and RDP port and attacks have stopped.

However, I never overlook backups. That is always priority.

A few points that helped us on our cloud based server from this attack.

1) The websites and other logs are on a separate partitioned attached block storage volume (attached as drives E and F not the IIS default of c:/inetpub ) When the virus got hold we just detached the drive to minimise impact.

2) We have learnt from experience to never host MySQL on a host machine and consequently host MySQL on a different OS and an ubuntu machine - so it was never touched. We had millions of rows of data across 120 tables that would have been a nightmare to restore plus around 100-150k rows are added daily.

3) This meant we simply restored the server from a working image a few days old, re-attached the block storage drive attached a backup of this and copied files across, changed the MySQL passwords and basically most services were back up within around 45 minutes.

We just had to restore some websites as they were outdated. We have actually only lost around 40 hours of work (from a live work in progress that had not yet been backed up that week). Hopefully a decryption can recover it or we will need to start again.

Hopefully you all can get your files restored, but backup your server and data, have a contingency plan for events like this - and build and spread your configuration carefully to minimise impact.

 

 

Share this post


Link to post
Share on other sites
2 hours ago, Ringding said:

The first 10k characters or so are encrypted and the rest of the file is left alone.

Then an additional 36 characters are added to the end of the file which will be part of the key (probably for the decryptor you don't get when you pay lol).

Confirmed. 

Also, and this is probably a "duh, obviously" thing to mention, but check your Windows firewall with advanced security, inbound rules. I was in there whitelisting my RDP ports and noticed that the *&^%$! opened up all ports for tcp connections.

 

Share this post


Link to post
Share on other sites

Same problem here. After a short view files are crypted in blocks of 32 bytes. If file is larger than 320 bloks of 32 bytes (10kb) rest of file remain uncrypted. At end of file 36 bytes is added, first byte differ from file to file and rest of 35 bytes are the same (00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EF 52 5E A0). If file size does not divide exactly to 32 then last block of less than 32 bytes remain uncrypted.

samples.rar

Share this post


Link to post
Share on other sites

I have my system infected with same virus and tried every sigle method mention above but to no avial. When i checked it showed infected with CR9 and can be decrypted but actua no. 

Support team, if you have solution on this or update please let us know.

Share this post


Link to post
Share on other sites

I also got hacked and my files were encrypted. Nemesis ransomware. Extension .onion (without .to). Difference 36 bytes, not 68 like Cry9 decryptor asks. Cry128 tried but didn't succeed in finding a key. I attach ransom note and a pair of files and screenshots.

D010_20441702_2017_03.PDF

-DECRYPT-MY-FILES.txt

ID Ransomware.jpg
Download Image

messages.jpg
Download Image

D010_20441702_2017_03.PDF.id_2520616175_fgb45ft3pqamyji7.onion

Share this post


Link to post
Share on other sites
8 hours ago, mclaugb said:

Here are a few text files that got hit by the ransomware.  It is very easy to tell where the information was added/removed/etc.  I also have 4 exe and other files I have zipped up in case anyone wants to run the ransomware on a VM and see how it works.  

3X8Sheep_Base_SingleBlock.dxf

3X8Sheep_Base_SingleBlock.dxf.id_1638578921_gebdp3k7bolalnd4.onion._

I cannot download these files. Please confirm that last bytes in encrypted files is EF 52 5E A0. Thanks!

Share this post


Link to post
Share on other sites

George, I'm not sure those bytes are meant to be constant. My last 4 in each file are 35 F6 5C 01.

Also to Kenneth and mclaugb, you may have different variants than the one being discussed here, as your extensions end in .onion._. Those were linked to Cry128. Have you tried using the decrypter for it?

 

Share this post


Link to post
Share on other sites
2 hours ago, ganymede said:

George, I'm not sure those bytes are meant to be constant. My last 4 in each file are 35 F6 5C 01.

Also to Kenneth and mclaugb, you may have different variants than the one being discussed here, as your extensions end in .onion._. Those were linked to Cry128. Have you tried using the decrypter for it?

 

Constant to all files encrypted. In my case all files have 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EF 52 5E A0.

Share this post


Link to post
Share on other sites

Here are some samples of mine using hex workshop.  If you try to use Notepad++ with hex plugin, you'll get some funny numbers when you copy and paste that area.  At least I did.  

.doc file sample  D0 01 AB 95 

.jpg file sample  D0 01 AB 95  

.exe file sample  D0 01 AB 95

.bin file sample  D0 01 AB 95

Gany and myself both have the same version "fgb45ft3pqamyji7.onion"  extensions also.  So it doesn't seem the numbers are random across same encryption type? :P

Share this post


Link to post
Share on other sites

We've got the same, following this post to see if any resolution is provided. 

The server with the files encrypted is in a remote office I'm going to go there tomorrow, as we've shut the server down in case there is anything else hidden on it. 

The company are already contemplating paying the ransom as they need a few of the documents that have been encrypted :(

Share this post


Link to post
Share on other sites
vor 5 Stunden schrieb GeorgeB:

Constant to all files encrypted. In my case all files have 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EF 52 5E A0.

The last 4 bytes seem to be constant for YOUR specific computer in all files. I assume it has something to do with the unique ID you identify yourself to the hackers or is part of the unique encryption key.

Share this post


Link to post
Share on other sites

Have anyone in this post try some of the software that is supposed to decrypt the files like Spyhunter or uneraser? I asked on http://www.uneraser.com/ live chat if this software decrypt .onion files and they said yes, they suggest try the free version to see if the software can detect something related to and then go for the paid version. I'd update this post in case we found anything that work for us.

Share this post


Link to post
Share on other sites

Greetings all. I got this virus yestarday and all my files personal and my companies are all effected. I searched all day about this and finally reach this point that i have to find a decyrptor because i dont have any restore points on my computer for recover and recover sofwares(recuva,datarecoverypro etc.) cannot find my files.
 So i found https://id-ransomware.malwarehunterteam.com/ but theres no info or decryptor about my virus .onion 
I'll be glad if you help and save my life in my computer all my files... 
 
Informations about virus: 
 
It just created -DECRYPT-MY-FILES.txt everywhere and changed all files in some seconds then restart my computer.. All files effected locked
 
____________________________________________________________________________________________________
-DECRYPT-MY-FILES.txt;
 
*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***
 
To decrypt your files you need to buy the special software. To recover data, follow the instructions!
You can find out the details/ask questions in the chat:
https://fgb45ft3pqamyji7.onion.to (not need Tor)
https://fgb45ft3pqamyji7.onion.cab (not need Tor)
https://fgb45ft3pqamyji7.onion.nu (not need Tor)
 
You ID: 3447097493
 
If the resource is not available for a long time, install and use the Tor-browser:
1. Run your Internet-browser
2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
3. On the site will be offered to download the Tor-browser, download and install it. Run.
4. Connect with the button "Connect" (if you use the English version)
5. After connection, the usual Tor-browser window will open
6. Enter or copy the address http://fgb45ft3pqamyji7.onion in the address bar of Tor-browser and press key ENTER
7. Wait for the site to load
 
If you have any problems installing or using, please visit the video tutorial https://www.youtube.com/watch...
____________________________________________________________________________________________________
 
 
So all my files are in same named like
 
ARAMA.txt.id_3447097493_fgb45ft3pqamyji7.onion
ETNA.png.id_3447097493_fgb45ft3pqamyji7.onion
 
Seems like new variaton of crpytolocker virus and i never met same with it so i need emergency unlock and restore my files..
will be glad if you help.. I 'll put one effected and orginal sample for you to may help.
 
(Sorry for my bad language.. I'm waiting here to see your responses and helps)

 

(Example for locked file and orginal(Etna.png)) :

https://drive.google.com/open?id=0B6zV_umQcP38dWl0a0l2b3MwMWM

Share this post


Link to post
Share on other sites

Did anyone of the "skilled" people already take a look at the "unlocker" posted at https://www.bleepingcomputer.com/forums/t/635859/crypton-ransomware-support-help-topic-id-number-x3m-locked-r9oj/page-9#entry4229430 ?

Password has been posted in #126

Maybe there is some clue on how to decrypt these 10kb encrypted files? My Assembler skills are way too bad to understand what happens in there.

 

  • Upvote 1

Share this post


Link to post
Share on other sites

Does anybody have a sample of the virus? We could run it and monitor it's memory and API calls to try to catch ke key generation, and to analyse its behaviour.

Also, I have a bunch of torrent files that were completed, I can provide their encrypted part with the decrypted one (after re-downloading them), will it help?

Lastly, since only the first 10kb of each file are encrypted, I think that pictures (jpeg...) could be recovered (partly at least) by a sort of reconstruction of their header to a generic one.

Share this post


Link to post
Share on other sites

I think this guy might have the actual executable.

On a different note, I'm not sure why but I forgot to mention in my original post that I found the service registry of the virus in my Windows logs:

winlogon.exe
-a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:443 -u 48Nk7Q5oB5gEVLabrgo3KhLbaTSDKvZNHBECoHyZcxWNDMgfDnHA8Ue2Skp7A6z2ZGG93wmLxxrKa1j4QR7kmi866AP1G8t -p x
Workstationt
C:\Windows
 

Maybe that long nonsense string has something to do with the key?

 

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.