Can anybody decrypt this key ?

can anybody decrypt this key ?
victim of ransomware and i believe this is the key to at least 6 of my drives
c4 51 02 b1 5c 00 00 00 0d 20 00 00 0d 20 00 00 AES128

Other urls found in this thread:

github.com/Aorimn/dislocker
twitter.com/SFWRedditGifs

i didnt actually pay him but was playing my odds

Just restore from your backups you incredible fucking idiot

Restore from backups or pay the guy because you're exactly the kind of dumb fuck to get raped by this kind of malware.

Maybe doing chores for mommy to get the $200 ransom will teach you to make backups.

it's 0.5 BTC
and 5.5TB of stuff. I got the first 6 digits of the 48, it says the second group is wrong
im working on it now, trying to at least, the recovery key

196812
First group

lol kys cuck. How'd you get hit in the first place?

Hello there.

I would like to tell you first I'm sorry about that. Your documents, files, database, most are in original places or some moved to your local data. If you want to regain access to your local data please send 0.5 BTC (Bitcoin) to this address: "btc" as fast as you can and email me at "email" If you dont know what bitcoin is, please ask me for bitcoin website that you can buy it fast or search on google for a local Bitcoin shop or ATM and transfer 0.5 BTC to this address: "btc"

It's not my fault if you are trying to format disk and lose all, encrypted files are not recoverable without bitlocker passoword. Here are only one way to get all back and regain access to your local hard disk drive and this way is to send 0.5 Bitcoin to this address: "btc"

It's just business not trying to get your money and then to not give your bitlocker password. Only me can give your password to unlock your Locals Disk so this is the only chance to get all back. Waiting for your reply to my email address ( "email" or to my second email in case gmail not work "email" ) if you wanna get the bitlocker password.

If you have any questions please feel free to contact me at anytime.

"email"
Thanks for your time!

Where are all of the people who always scream about how BitLocker supposedly has backdoors, is easily crackable, etc.? Seems they can't put their money where their mouth is to help this guy out...

>bitlocker
Just call the cops and tell them it has CP, they will quickly unlock it for you.

i have no fking clue, i just bought a cheap keyboard, mouse and hdd from microcenter. no software ever popped up or anything
couldnt log into my pc yesterday and had to login with my other account, when i logged in i saw the desktop icons were on the screen and so without thinking (the gf likes to unhide them) i just hid them. went to play a game on steam and noticed all of my games were grey. checked my pc and everything had a lock. thought the pc was fucked up and did it itself until i did some googling and then checked my desktop

i have the first 6 digits already lol with that key, it shows up on 6 of the lines, and i have 8 drives, 2 of which are removable

# BANNER FILE NOT PROVIDED (-b option)
# BULK_EXTRACTOR-Version: 1.5.2 ($Rev: 10844 $)
# Feature-Recorder: aes_keys
# Filename: C:\windows\MEMORY.DMP
# Feature-File-Version: 1.1
63973400 d2 44 3e a1 73 95 d8 8c d9 99 c2 17 e0 fa b4 19 32 b2 87 5b 74 0f ed e3 e1 77 9f 42 3a 43 2c 2f AES256

106732444 d7 5a 20 ab ce b5 cd b1 c2 ba d1 99 aa 76 04 ce 4b 67 ca 3a cf e2 d8 eb 39 59 3b 28 8e 81 05 3f AES256

106733100 59 dc db cc e3 84 bc de e8 e9 32 29 15 4f 40 33 25 c2 12 14 0c 5a c1 e8 57 12 33 94 a9 9b 78 00 AES256

236303760 c4 51 02 b1 5c 00 00 00 0d 20 00 00 0d 20 00 00 AES128

228761696 87 8c 88 2f 36 ae 0d b6 0d 5a e9 e1 4a ce da d5 8c 0d 1f 0d 53 b7 10 cf 49 31 61 9c cc d2 48 e8 AES256

737682096 ef 60 ac bc 57 16 12 6f 2a 06 e5 d7 01 c1 4a de AES128

2298809248 43 67 e6 8c 9a d3 12 16 6c 48 be 7a 25 47 97 1b ce be 53 76 a2 07 66 77 62 5d e9 a6 43 39 5b 85 AES256

2778221824 f6 b4 f3 a7 d4 35 67 2f 37 ba fe 0e c9 93 f1 3b 52 a3 cb c2 c0 92 5e 4b 05 b5 1d e9 2e be f1 44 AES256

2794221920 5b 74 8e 5b dc 80 9a ca 05 cf f6 c1 71 66 a0 84 0a 93 e0 79 b2 3f 5b 4a 8e 31 0a 0e eb 25 7f ec AES256

2794222736 06 95 a6 08 35 4c 39 ea a2 50 4c 88 9f a7 31 f8 28 8b 04 9b 4f e4 23 1f 0f 84 47 51 12 98 64 fd AES256

2927796448 c4 51 02 b1 5c 00 00 00 0d 20 00 00 0d 20 00 00 AES128

i recommend regularly updating windows, don't ignore that

also don't pirate video games, it's stealing

and finally, get a good active antivirus and run virus scans every once and a while since you are too dumb for common sense, I recommend Malwarebytes, it has good detection rates and is very non-intrusive

you won't be getting your data back

its pretty possible actually, the guy used the same key for most of the drives

Give it back, Agent Lynch

2966635648 0e f6 e1 e3 9a 24 37 e6 4f f2 f5 34 8a 2d 9a b2 d9 94 6e 84 be 8e e3 93 7e e5 e1 86 e5 39 37 c2 AES256
2966638208 0e f6 e1 e3 9a 24 37 e6 4f f2 f5 34 8a 2d 9a b2 d9 94 6e 84 be 8e e3 93 7e e5 e1 86 e5 39 37 c2 AES256

2970867920 23 88 42 d0 97 2e 02 86 31 ee 3b 20 1d b6 75 90 3c e3 2a 1f 64 8a 95 c3 bf a1 60 e8 2e 62 76 21 AES256

3003551168 5e 2d 5d a3 94 0a 6c 32 9f d9 98 fd 22 f5 b1 cb 0d 5a 3b 17 e8 3f 91 d8 7f 31 9d 86 27 be 90 c2 AES256

3219539968 e7 fe c4 69 47 e7 49 18 55 af 84 58 b3 90 7f 9b 8a 6a 38 73 7c 12 98 95 53 00 a9 17 5d 11 ba 28 AES256

3231486736 c4 51 02 b1 5c 00 00 00 0d 20 00 00 0d 20 00 00 AES128

3268261640 d2 44 3e a1 73 95 d8 8c d9 99 c2 17 e0 fa b4 19 32 b2 87 5b 74 0f ed e3 e1 77 9f 42 3a 43 2c 2f AES256

3276528880 c4 51 02 b1 5c 00 00 00 0d 20 00 00 0d 20 00 00 AES128

3294699216 23 88 42 d0 97 2e 02 86 31 ee 3b 20 1d b6 75 90 3c e3 2a 1f 64 8a 95 c3 bf a1 60 e8 2e 62 76 21 AES256

3301962096 c4 51 02 b1 5c 00 00 00 0d 20 00 00 0d 20 00 00 AES128

3302939648 d2 44 3e a1 73 95 d8 8c d9 99 c2 17 e0 fa b4 19 32 b2 87 5b 74 0f ed e3 e1 77 9f 42 3a 43 2c 2f AES256

3306628896 bb cf b7 03 ea 62 34 82 d7 bd 9c e0 3d 6a 94 a2 6c 68 a9 7a 21 0d 52 a7 23 0c f7 b1 6b 1e 37 8d AES256
3340287264 bb cf b7 03 ea 62 34 82 d7 bd 9c e0 3d 6a 94 a2 6c 68 a9 7a 21 0d 52 a7 23 0c f7 b1 6b 1e 37 8d AES256

4446422208 39 68 90 37 ef 61 c6 b9 b5 7e 4c 9d 8b f1 6a 05 AES128
4446424768 39 68 90 37 ef 61 c6 b9 b5 7e 4c 9d 8b f1 6a 05 AES128

4462563648 1b 17 36 86 b5 13 18 11 c4 f3 44 9a dd ac bd e5 AES128
4463343424 1b 17 36 86 b5 13 18 11 c4 f3 44 9a dd ac bd e5 AES128

4425356288 ae de 47 04 c7 13 29 bd 7e 96 05 76 be 63 d3 82 c8 8e 37 7d a9 62 06 5e db 82 7f c4 31 f9 17 9b AES256

4426347776 21 00 c2 a2 04 eb 67 81 51 3f df e5 bb ca 27 89 79 a3 8b 33 9a 27 23 2e df f4 f9 02 4f 67 ea a3 AES256
4426350336 21 00 c2 a2 04 eb 67 81 51 3f df e5 bb ca 27 89 79 a3 8b 33 9a 27 23 2e df f4 f9 02 4f 67 ea a3 AES256

4426887660 ae de 47 04 c7 13 29 bd 7e 96 05 76 be 63 d3 82 c8 8e 37 7d a9 62 06 5e db 82 7f c4 31 f9 17 9b AES256

4426888316 d2 44 3e a1 73 95 d8 8c d9 99 c2 17 e0 fa b4 19 32 b2 87 5b 74 0f ed e3 e1 77 9f 42 3a 43 2c 2f AES256

4981825248 12 b1 68 e4 42 e2 ec 22 aa 4f 59 50 52 53 26 32 AES128

4985659504 ee d6 b4 fb 35 0e 4d d0 41 0f ef 8f 53 8c 70 d5 AES128

4985660160 33 cb e5 3d 28 05 37 8b 11 06 a5 7c a4 61 3e 0d AES128

4985661472 37 af af 07 b3 90 c8 57 d0 85 81 c3 13 e5 a5 62 AES128

4985662784 74 18 1c 32 fb a3 25 c6 ca b6 d4 36 e9 5e 9b 2e AES128

5319447036 d7 5a 20 ab ce b5 cd b1 c2 ba d1 99 aa 76 04 ce 4b 67 ca 3a cf e2 d8 eb 39 59 3b 28 8e 81 05 3f AES256
5319447692 59 dc db cc e3 84 bc de e8 e9 32 29 15 4f 40 33 25 c2 12 14 0c 5a c1 e8 57 12 33 94 a9 9b 78 00 AES256

5322352736 d7 5a 20 ab ce b5 cd b1 c2 ba d1 99 aa 76 04 ce 4b 67 ca 3a cf e2 d8 eb 39 59 3b 28 8e 81 05 3f AES256
5322353520 59 dc db cc e3 84 bc de e8 e9 32 29 15 4f 40 33 25 c2 12 14 0c 5a c1 e8 57 12 33 94 a9 9b 78 00 AES256

5337535068 d7 5a 20 ab ce b5 cd b1 c2 ba d1 99 aa 76 04 ce 4b 67 ca 3a cf e2 d8 eb 39 59 3b 28 8e 81 05 3f AES256
5337535724 59 dc db cc e3 84 bc de e8 e9 32 29 15 4f 40 33 25 c2 12 14 0c 5a c1 e8 57 12 33 94 a9 9b 78 00 AES256

5487199472 68 79 c3 ad 41 4e 0b 70 08 5e 48 9e 07 e3 03 3e AES128

5487200128 c4 19 3a b6 23 c9 d3 b0 5f ec e6 5a 37 3f a5 ac AES128

5487200784 c8 e1 7c 84 bb 9f f6 b5 58 59 da e5 92 50 24 d4 AES128

5487201440 b8 3a a9 3a 5a 8a 3e 40 23 86 66 fa 4d 96 cb b8 AES128

16251484720 07 23 49 a6 02 bb 52 71 7d a2 3a cf c4 d2 fc db AES128

16665059472 98 24 f0 69 46 e0 2d dd fa 9e 8d ac 04 d0 5f 67 ef d5 fb 31 c1 cf 16 38 b8 ec 14 c3 ac 17 81 ff AES256

16824781632 4c 16 97 85 5f 66 92 63 c1 1f d4 2d 94 ed 14 52 AES128


A 59BFEE82
D AEAA3229
E 50CF0983
H 8A21C6A4
J 7595C27A
L 62AFD100
Q 95F1B49B
T DF1FFB8F


19681217792135368709252097152

/fin

>fin
Nigga if this works, imma need you to explain what happened here...

lol that is all of the info i have so far

Pretty certain he's trying to piece together his key from a Memory dump.

177921 doesnt work so far

explain? i'm super curious now

and you are correct

># BULK_EXTRACTOR-Version: 1.5.2 ($Rev: 10844 $)
># Feature-Recorder: aes_keys
># Filename: C:\windows\MEMORY.DMP

See the filename, MEMORY.DMP that's a windows memory dump file. I'd hope that keys related to Windows own crypto wouldn't leak through a dump but hell who knows.
Best of luck to OP.

>0.5 BTC
lol

Op here, their the same keys I got from elcom forensics disk decryptor

They're*

Btc is trading at 2251 last time I checked lol

...

I think the purpose of the ransomware was to inflate the value of BTC even more.

just tried 000000 as the first group of digits, says the same thing
"digit group 2 contains an error"

how long would it take to brute force guessing 7 groups of 6 digits each?

loop through with:
sudo dislocker -r -V /dev/sda1 -p196812-000000-000000-000000-000000-000000-000000-000000 -- /media/windows

...

going from 0-1x10^42 alone will take some time... not to mention time for encryption... does dislocker support GPU shit?

not sure i just found it here github.com/Aorimn/dislocker

seems instead of using bash to find all of the right files, i just need to try and boot into ubuntu 16 with a usb drive and try dislocker

these are all the key i have, i need a 48 digit one

son of a bitch