Jump to content

.gerosan file encrypted, Please help

Luwie

By Luwie,
in Help, my files are encrypted!

 Share Followers 1

Recommended Posts

Luwie

Luwie 0

Posted
Posted

I already reformat my Computer but I need a help for recovery of my files. Please help me with my problem. I still have all my files but with extension name .gerosan.  I checked the extension name in https://id-ransomware.blogspot.com/2017/12/stop-ransomware.html but I can't find .gerosan.

 

 

 

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-hvv30uAtTY
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Our Telegram account:
@datarestore

Your personal ID:
 

_readme.txt SeagateExpansion.ico.gerosan

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted
Quote

extension .gerosan

This is a new variant of STOP Ransomware has been encrypt your files. 

You should know that this is not a simple infection that is easy to delete and unlock files with one click of the mouse.

I have been tracking the malicious work of this program since December 2017, this is earlier than many antivirus programs. Some of them announced the discovery of one of the variants of this Ransomware only in August 2018, when there was a massive attack on residents of many countries. Unfortunately, this attack continues.
Now on the forum a lot of victims from different variants of this Ransomware. In some cases, the files can be decrypted. This is possible only in case where the files were encrypted with offline keys and an instance of the malware was detected.

Demonslay335  (the developer of the decoder) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files.


At the moment, it not been added to ID Ransomware (not been message), but it will soon be added.

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted

That is a variant of the STOP/Djvu ransomware.

STOPDecrypter can't recover your files yet, however it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter:
https://kb.gt500.org/stopdecrypter

 

While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

Link to post
Share on other sites
Luwie

Luwie 0

Posted
  • Author
Posted

Thank you guys for fast reply. This is the FRST logs I attached it here in my reply. I hope you guys can help me to recover my files. Thank you in advance.

This is the StopDecrypter log.

Decrypted 0 files!
Skipped 72 files.

[!] No keys were found for the following IDs:
[*] ID: T0FJbEb1TI0f52Mgi7K1XDl89p3fCHdsI1hT5f2P (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 78:AC:C0:BD:AB:1F
This info has also been logged to STOPDecrypter-log.txt

 

FRST.txt Addition.txt

Link to post
Share on other sites
Luwie

Luwie 0

Posted
  • Author
Posted
35 minutes ago, Yug said:

Can u please explain it step to step my pc will suffering to this encryption 

Demonslay335  (the developer of the decoder) collects information from the victims. He will PM you and just follow his instruction. I don't know if the instruction that Demonslay335 gave me is going to fix your issue.

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

Luwie

There is nothing in the logs indicating absolute malware, but there are several PUP and some dangerous downloads that you may suffer from.

\Downloads\DirectX_11_Setup_2083197489.exe
\Downloads\Recuva v1.53 setup + crack

If you have already installed this software, then remove it and delete the installation files. 

 

Link to post
Share on other sites
Yassine

Yassine 0

Posted
Posted

Please, i need help to recover my files, i realy need them for work, im a photographer and i really need my files back, thanks 

Here is my info :

 

Decrypted 0 files!
Skipped 8 files.

[!] No keys were found for the following IDs:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: C8:CB:B8:02:B5:45, E2:06:E6:36:52:AC, E2:06:E6:36:5A:AC, 00:FF:2B:FB:79:3E, E0:06:E6:36:52:AC
This info has also been logged to STOPDecrypter-log.txt
 

 

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
9 hours ago, Luwie said:

Thank you guys for helping me, you guys are great. I hope no one will become a victim with this kind of ransomware again. 

You're welcome.

 

7 hours ago, Yug said:

Can u please explain it step to step my pc will suffering to this encryption

Just follow the instructions I posted at the following link:

 

1 hour ago, Yassine said:

[!] No keys were found for the following IDs:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: C8:CB:B8:02:B5:45, E2:06:E6:36:52:AC, E2:06:E6:36:5A:AC, 00:FF:2B:FB:79:3E, E0:06:E6:36:52:AC
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

  • Like 1
Link to post
Share on other sites
Luwie

Luwie 0

Posted
  • Author
Posted
5 hours ago, Amigo-A said:

Luwie

There is nothing in the logs indicating absolute malware, but there are several PUP and some dangerous downloads that you may suffer from.

\Downloads\DirectX_11_Setup_2083197489.exe
\Downloads\Recuva v1.53 setup + crack

If you have already installed this software, then remove it and delete the installation files. 

 

Thank you for the warning I will immediately delete those two files specially Recuva it didn't help me recover my files anyway. Thank you guys again for all the help.

Link to post
Share on other sites
Luwie

Luwie 0

Posted
  • Author
Posted

The ID change to [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )

The old ID that I decrypted is [*] ID: T0FJbEb1TI0f52Mgi7K1XDl89p3fCHdsI1hT5f2P (.gerosan )

I left my computer overnight for decrypting but when I wake up and check if the decrypting is done I saw that only 25% of my family pictures and videos are restored. I tried 5x if the STOPdecrypter can decrypt one picture but it failed to restore one picture because the ID is different from the 25% of my files .gerosan ID change to [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) instead of [*] ID: T0FJbEb1TI0f52Mgi7K1XDl89p3fCHdsI1hT5f2P (.gerosan ).

 

 

Decrypted 0 files!
Skipped 1 files.

[!] No keys were found for the following IDs:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 78:AC:C0:BD:AB:1F
This info has also been logged to STOPDecrypter-log.txt

Link to post
Share on other sites
JGEthan

JGEthan 0

Posted
Posted
On 6/11/2019 at 10:28 PM, Luwie said:

I already reformat my Computer but I need a help for recovery of my files. Please help me with my problem. I still have all my files but with extension name .gerosan.  I checked the extension name in https://id-ransomware.blogspot.com/2017/12/stop-ransomware.html but I can't find .gerosan.

 

 

 

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-hvv30uAtTY
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Our Telegram account:
@datarestore

Your personal ID:
 

_readme.txtUnavailable SeagateExpansion.ico.gerosanUnavailable

Same here mY all Files are infected about 3.5 to 4 tb data encrypted (.Gerosan)

Plz plz Help me How to decypt my files 😥😥

Link to post
Share on other sites
Rizkifebian

Rizkifebian 2

Posted
Posted

This my result. hope u can fix the problem...all the data is very importent

 

Decrypted 101 files!
Skipped 4551 files.

[!] No keys were found for the following IDs:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.bak )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.docx )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.pptx )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.exe )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.goresan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 98:29:A6:89:B3:2C, F8:34:41:2F:05:72, FA:34:41:2F:05:71, F8:34:41:2F:05:71, F8:34:41:2F:05:75
This info has also been logged to STOPDecrypter-log.txt

Addition.txt FRST.txt

Link to post
Share on other sites
Sg123

Sg123 0

Posted
Posted

[!] No keys were found for the following IDs:

[*] ID: Ys6AMqyvxA6taF8tEp1OOr9eH3ZmFTXvTorRSCjp (.gerosan )

Please archive these IDs and the following MAC addresses in case of future decryption:

[*] MACs: 50:9A:4C:BF:80:1C, AC:ED:5C:A7:94:C4, AE:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C7

This info has also been logged to STOPDecrypter-log.txt

Please help me. These are the ID and MAC addresses. My really important files got encrypted. Thank you so much.

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted
2 hours ago, Din said:

https://www.pcrisk.com/removal-guides/15211-gerosan-ransomware

is this link good to decyrpt the file?

@Din

No. This site offers to use the SpyHunter tool that does not decrypt files.
There are a lot of such sites on the Internet that advertise SpyHunter, which will not do anything to decrypt.

We have provided all the necessary information above. See the 2st and 3st post of topic.

Link to post
Share on other sites
Din

Din 1

Posted
Posted

[+] Loaded 42 offline keys
Please archive the following info in case of future decryption:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0
This info has also been logged to STOPDecrypter-log.txt

 

---------------------------------------------------------------------------------------------------------------

Decrypted 0 files!
Skipped 45 files.

[!] No keys were found for the following IDs:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gif )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.zip )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.rar )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0
This info has also been logged to STOPDecrypter-log.txt
 

 

please help me

STOPDecrypter-log.txt

  • Like 1
Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

@Din

From logs you can see that your browser Google Chrome has turned into something terrible. Several dangerous extensions that can not only show ads and redirect you to a bad sites, but also keep track of your preferences and steal your personal information.

I recommend that you remove all (!!!) browser extensions manually and later reset the browser settings to their defaults.

Then you can reinstall AdBlock from the official page.
https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en

Other extensions are unreliable or dangerous.

Link to post
Share on other sites
Yassine

Yassine 0

Posted
Posted
5 hours ago, Din said:

[+] Loaded 42 offline keys
Please archive the following info in case of future decryption:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0
This info has also been logged to STOPDecrypter-log.txt

 

---------------------------------------------------------------------------------------------------------------

Decrypted 0 files!
Skipped 45 files.

[!] No keys were found for the following IDs:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gif )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.zip )
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.rar )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0
This info has also been logged to STOPDecrypter-log.txt
 

 

please help me

STOPDecrypter-log.txtUnavailable

it seems like we both have the same ID 

 

Link to post
Share on other sites
JGEthan

JGEthan 0

Posted
Posted


Please Please Help me to back my data.. from childhood all my family photos videos are infected and there is no backup for this plz help me how to decrypt my data about 3 to 3.5tb is infected by {gerosan extention}

StopDecrypter log.

Decrypted 0 files!
Skipped 20 files.

[!] No keys were found for the following IDs:
[*] ID: D6PgCK0v8J5ppCODraPkuA10EOifMVs2Y0uVf200 (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: C8:9C:DC:B4:9A:FB, 20:E2:17:05:5B:BE, 20:E2:17:05:5B:BF, 20:E2:17:05:5B:BC
This info has also been logged to STOPDecrypter-log.txt
 

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
21 hours ago, Luwie said:

The ID change to [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )

Your computer is almost certainly still infected. Get me logs from FRST before you do anything else, or this will happen again. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

 

18 hours ago, Din said:

sorry, i just want to know. it is safe to not decyrpt the file and just delete the extension .gerosan? 

No, that won't solve your problem.

 

18 hours ago, Din said:

https://www.pcrisk.com/removal-guides/15211-gerosan-ransomware

is this link good to decyrpt the file?

I recommend sticking to BleepingComputer.com or our forums for decryption help.
https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted

@Yassine, @Luwie, @Rizkifebian, @Din please note that your ID's (PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1) is an offline ID, and support for it was added to STOPDecrypter this afternoon. Simply download STOPDecrypter again and run it, and then new version should be able to decrypt your files:
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip

  • Like 1
Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
17 hours ago, Sg123 said:

[!] No keys were found for the following IDs:
[*] ID: Ys6AMqyvxA6taF8tEp1OOr9eH3ZmFTXvTorRSCjp (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 50:9A:4C:BF:80:1C, AC:ED:5C:A7:94:C4, AE:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C3, AC:ED:5C:A7:94:C7
This info has also been logged to STOPDecrypter-log.txt
Please help me. These are the ID and MAC addresses. My really important files got encrypted. Thank you so much.

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
15 hours ago, kiki said:

+] Loaded 42 offline keys
Please archive the following info in case of future decryption:
[*] MACs: 18:5E:0F:A2:DA:3D, 1A:5E:0F:A2:DA:3C, 18:5E:0F:A2:DA:3C
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
9 hours ago, JGEthan said:

[!] No keys were found for the following IDs:
[*] ID: D6PgCK0v8J5ppCODraPkuA10EOifMVs2Y0uVf200 (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: C8:9C:DC:B4:9A:FB, 20:E2:17:05:5B:BE, 20:E2:17:05:5B:BF, 20:E2:17:05:5B:BC
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Link to post
Share on other sites
GT500

GT500 853

Posted
Posted
3 hours ago, Abichandra said:

there’s a warning about ‘Alphaleonis.Win32.Filesystem.NativeMethods’ threw an exception.

What's giving you this warning? Your Anti-Virus software?

Link to post
Share on other sites
EricN

EricN 0

Posted
Posted

Please Help Me...

[+] Loaded 43 offline keys
Please archive the following info in case of future decryption:
[*] ID: 4HPyKBFsnsZT5KqtZV4L5VkeBtOK4qQ9lrdK6BAt
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 98:28:A6:21:A5:DC, 32:D1:6B:DE:FA:9F, 42:D1:6B:DE:FA:9F, 30:D1:6B:DE:FA:9F
This info has also been logged to STOPDecrypter-log.txt
 

Link to post
Share on other sites
Rizkifebian

Rizkifebian 2

Posted
Posted
2 hours ago, GT500 said:

@Yassine, @Luwie, @Rizkifebian, @Din please note that your ID's (PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1) is an offline ID, and support for it was added to STOPDecrypter this afternoon. Simply download STOPDecrypter again and run it, and then new version should be able to decrypt your files:
https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip

THANK U VERY MUCH...ALL THE DATA HAS BACK NOW 😍

  • Like 1
Link to post
Share on other sites
JGEthan

JGEthan 0

Posted
Posted
2 hours ago, GT500 said:

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

All you have to do now is give us some time, and we'll do what we can for you.

Thanks Buddy I really need my Data back .. Its V.imp and there is no backup thats why

Link to post
Share on other sites
EricN

EricN 0

Posted
Posted

@GT500 this my result... please help me... i really need the file... 

 

Please Help Me...

[+] Loaded 43 offline keys
Please archive the following info in case of future decryption:
[*] ID: 4HPyKBFsnsZT5KqtZV4L5VkeBtOK4qQ9lrdK6BAt
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] MACs: 98:28:A6:21:A5:DC, 32:D1:6B:DE:FA:9F, 42:D1:6B:DE:FA:9F, 30:D1:6B:DE:FA:9F
This info has also been logged to STOPDecrypter-log.txt

Addition.txt FRST.txt

Link to post
Share on other sites
Abichandra

Abichandra 1

Posted
Posted
4 hours ago, GT500 said:

What's giving you this warning? Your Anti-Virus software?

The STOPDecrypter gave me this warning, but I've managed to solve this. It's because I need to update my Net Framework.

And now the STOPDecrypter gave me this

[+] Loaded 43 offline keys
Please archive the following info in case of future decryption:
[*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
[*] ID: HgUNhAuveBRDLf4pEKIYrn6MGAEdovUjLQ4RNz9Z
[*] MACs: 00:FF:15:DB:D5:11, 50:B7:C3:BB:37:96, 50:B7:C3:BB:37:95, 50:B7:C3:82:92:98
This info has also been logged to STOPDecrypter-log.txt

and this

Decrypted 0 files!
Skipped 138 files.

[!] No keys were found for the following IDs:
[*] ID: HgUNhAuveBRDLf4pEKIYrn6MGAEdovUjLQ4RNz9Z (.gerosan )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 00:FF:15:DB:D5:11, 50:B7:C3:BB:37:96, 50:B7:C3:BB:37:95, 50:B7:C3:82:92:98
This info has also been logged to STOPDecrypter-log.txt

Please help, thank you

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 01/16/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...