我在尝试解密数据的时候成功过一次,恢复了部分数据,但是再重新解密的时候又失败了,病毒已经用杀毒软件清理了,一下是我在使用工具时的一些提示,希望能有用:
----------------------------------------------------------------------------------------------------------------------
软件启动时的信息
[+] Loaded 43 offline keys
Please archive the following info in case of future decryption:
ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru
ID: dLoJuwk26P2wogGWZREN7JEyvljcvICqcYfwIft1
MACs: BE:E9:A3:E8:43:D7, 48:5B:39:AA:4A:6B
This info has also been logged to STOPDecrypter-log.txt
-----------------------------------------------------------------------------------------------------------------------------------------------
Unidentified ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru
Unidentified ID: dLoJuwk26P2wogGWZREN7JEyvljcvICqcYfwIft1
MACs: BE:E9:A3:E8:43:D7, 48:5B:39:AA:4A:6B
----------------------------------------
STOPDecrypter v2.1.0.10
OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
----------------------------------------
No key for ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.muslat )
Unidentified ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru
Unidentified ID: dLoJuwk26P2wogGWZREN7JEyvljcvICqcYfwIft1
MACs: BE:E9:A3:E8:43:D7, 48:5B:39:AA:4A:6B
-----------------------------------------------------------------------------------------------
STOPDecrypter-log文本中的信息:
STOPDecrypter v2.1.0.10
OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
----------------------------------------
No key for ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.muslat )
Unidentified ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru
Unidentified ID: dLoJuwk26P2wogGWZREN7JEyvljcvICqcYfwIft1
MACs: BE:E9:A3:E8:43:D7, 48:5B:39:AA:4A:6B
----------------------------------------
STOPDecrypter v2.1.0.10
OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
----------------------------------------
Error on file 'D:\周欢\2015年8月.doc.muslat': System.IO.IOException: 文件“D:\周欢\2015年8月.doc”正由另一进程使用,因此该进程无法访问此文件。
在 System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
在 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
在 System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access)
在 STOPDecrypter.Decrypter.DecryptFile(String filepath, Variant variant, Byte[] keystream, List`1 keys, List`1 keyStreams)
在 STOPDecrypter.MainForm.DecryptDirectory(String location, Boolean delete)
No key for ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.muslat )
No key for ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.jpg )
Unidentified ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.muslat )
Unidentified ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.jpg )
MACs: BE:E9:A3:E8:43:D7, 48:5B:39:AA:4A:6B
Decrypted 0 files, skipped 1077
Unidentified ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru
Unidentified ID: dLoJuwk26P2wogGWZREN7JEyvljcvICqcYfwIft1
MACs: BE:E9:A3:E8:43:D7, 48:5B:39:AA:4A:6B
----------------------------------------
STOPDecrypter v2.1.0.10
OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
----------------------------------------
Unidentified ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru
Unidentified ID: dLoJuwk26P2wogGWZREN7JEyvljcvICqcYfwIft1
MACs: BE:E9:A3:E8:43:D7, 48:5B:39:AA:4A:6B
----------------------------------------
STOPDecrypter v2.1.0.10
OS Microsoft Windows NT 6.2.9200.0, .NET Framework Version 4.0.30319.42000
----------------------------------------
No key for ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.muslat )
No key for ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.JPG )
No key for ID: p4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru (.jpg )
No key for ID: dLoJuwk26P2wogGWZREN7JEyvljcvICqcYfwIft1 (.JPG )
---------------------------------------------------------------------------------------------------------------------------------
我收到的勒索信:
ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-BTtULebL7FPrice of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.chReserve e-mail address to contact us:
gorentos@firemail.ccOur Telegram account:
@datarestore
Your personal ID:
100bgdfFy6dusp4MD9xffHT9DNtaOn69ftGhUalJnIj8Zi9XA30Ru
最后是我的源文件、加密文件及勒索信
链接:
https://pan.baidu.com/s/1DaRBr7HSR243vVKkmk2oFw 提取码: v9i4
