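After analysis, I found that the ID appears to be some fixed value...
It also contains a lot of JS scripts. Could the experts here please analyze whether this "ransom note" is harmful?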
```html
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>
<html>
<head>
<meta charset='windows-1251'>
<title>encrypted</title>
<HTA:APPLICATION
  ICON='msiexec.exe'
  SINGLEINSTANCE='yes'
  SysMenu="no">
<script language='JScript'>
  window.moveTo(50, 50);
  window.resizeTo(screen.width - 100, screen.height - 100);
</script>
<style type='text/css'>
  body {
    font: 15px Tahoma, sans-serif;
    margin: 10px;
    line-height: 25px;
    background: #EDEDED;
  }
  img {
    display:inline-block;
  }
  .bold {
    font-weight: bold;
  }
  .mark {
    background: #D0D0E8;
    padding: 2px 5px;
  }
  .header {
    text-align: center;
    font-size: 30px;
    line-height: 50px;
    font-weight: bold;
    margin-bottom:20px;
  }

  .info {
    background: #D0D0E8;
    border-left: 10px solid #00008B;
  }
  .alert {
    background: #FFE4E4;
    border-left: 10px solid #FF0000;
  }
  .private {
    border: 1px dashed #000;
    background: #FFFFEF;
  }
  .note {
    height: auto;
    padding-bottom: 1px;
    margin: 15px 0;
  }
  .note .title {
    font-weight: bold;
    text-indent: 10px;
    height: 30px;
    line-height: 30px;
    padding-top: 10px;
  }
  .note .mark {
    background: #A2A2B5;
  }
  .note ul {
    margin-top: 0;
  }
  .note pre {
    margin-left: 15px;
    line-height: 13px;
    font-size: 13px;
  }
  .footer {
    position:fixed;
    bottom:0;
    right:0;
    text-align: right;
  }
</style>
</head>
<body>
<div class='header'>
  <img src='data:image/png;base64,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'>
  <div>All your files have been encrypted!</div>
</div>
<div class='bold'>All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail <span class='mark'>2300957600@qq.com</span></div>
<div class='bold'>Write this ID in the title of your message <span class='mark'>CC5D85EE-3435</span></div>
<div class='bold'>In case of no answer in 24 hours write us to this e-mail:<span class='mark'>pythonhavenoname@163.com</span></div>
<div>
  You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
</div>

<div class='note info'>
  <div class='title'>Free decryption as guarantee</div>
  <ul>Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) </ul>
</div>
<div class='note info'>
  <div class='title'>How to obtain Bitcoins</div>
  <ul>
    The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
    <br><a href='https://localbitcoins.com/buy_bitcoins'>https://localbitcoins.com/buy_bitcoins</a>
    <br> Also you can find other places to buy Bitcoins and beginners guide here:
    <br><a href='http://www.coindesk.com/information/how-can-i-buy-bitcoins/'>http://www.coindesk.com/information/how-can-i-buy-bitcoins/</a>
  </ul>
</div>
<div class='note alert'>
  <div class='title'>Attention!</div>
  <ul>
    <li>Do not rename encrypted files.</li>
    <li>Do not try to decrypt your data using third party software, it may cause permanent data loss.</li>
    <li>Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.</li>
  </ul>
</div>
</body>
</html>
```
I replaced the email addresses here with my own.
Below is how the ransom note renders:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail 2300957600@qq.com
Write this ID in the title of your message CC5D85EE-3435
In case of no answer in 24 hours write us to this e-mail:pythonhavenoname@163.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
- Do not rename encrypted files.
- Do not try to decrypt your data using third party software, it may cause permanent data loss.
- Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
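Translated version of the ransom note:
All your files have been encrypted!
Because your PC has a security problem, all your files have been encrypted. If you want to restore them, write to our e-mail 2300957600@qq.com
Write this ID in the title of your message CC5D85EE-3435
If there is no answer within 24 hours, write to us at: pythonhavenoname@163.com
You must pay the decryption fee in Bitcoin. The price depends on how quickly you write to us. After payment, we will send you the tool that decrypts all your files.
Free decryption as a guarantee
Before paying, you can send us up to 5 files for free decryption. The total file size must be less than 4Mb (non-archived), and the files should not contain valuable information. (databases, backups, large Excel sheets, etc.)
How to obtain Bitcoin
The easiest way to buy Bitcoin is the LocalBitcoins site. You must register, click "Buy bitcoins", and then select a seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
You can also find other places to buy Bitcoin and a beginner's guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
- Do not rename encrypted files.
- Do not try to decrypt your data with third-party software; this may cause permanent data loss.
- Decrypting your files with the help of a third party may cause the price to rise (they charge us a fee), or you may become the victim of a scam.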
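A static triage sketch for a note like the one posted above, added here as an example and not part of the original post: it parses the HTA markup without rendering it, records what each script block contains, flags script-host calls and inline event handlers, and pulls out the contact address, ID and links. The sample note, its address, ID and URL, and the `RISKY` pattern list are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample shaped like the note in the post; address, ID and URL are placeholders.
SAMPLE_HTA = """<html><head><title>encrypted</title>
<HTA:APPLICATION ICON='msiexec.exe' SINGLEINSTANCE='yes' SysMenu="no">
<script language='JScript'>window.moveTo(50, 50);
window.resizeTo(screen.width - 100, screen.height - 100);</script></head><body>
<div>write us to the e-mail <span class='mark'>contact@example.invalid</span></div>
<div>Write this ID in the title <span class='mark'>0A1B2C3D-0000</span></div>
<a href='https://pay.example.invalid/buy'>buy</a></body></html>"""
# Script-host features that let an HTA reach the file system, run programs or fetch code.
RISKY = re.compile(r"ActiveXObject|GetObject|WScript\.|\beval\s*\(|new\s+Function|"
                   r"XMLHTTP|\.Run\s*\(|\.Exec\s*\(", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
NOTE_ID = re.compile(r"\b[0-9A-F]{8}-[0-9A-F]{4}\b")  # ID shape shown in the post

class NoteTriage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.script = None  # text buffer while inside a <script> element
        self.report = {"hta": {}, "scripts": [], "risky": [], "handlers": [],
                       "emails": [], "ids": [], "urls": []}
    def handle_starttag(self, tag, attrs):
        if tag == "hta:application":
            self.report["hta"] = dict(attrs)
        elif tag == "script":
            self.script = []
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler such as onload
                self.report["handlers"].append((tag, name))
            elif name in ("href", "src") and (value or "").startswith("http"):
                self.report["urls"].append(value)
    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            self.report["scripts"].append("".join(self.script).strip())
            self.report["risky"] += RISKY.findall(self.report["scripts"][-1])
            self.script = None
    def handle_data(self, data):
        if self.script is not None:
            self.script.append(data)
        else:
            self.report["emails"] += EMAIL.findall(data)
            self.report["ids"] += NOTE_ID.findall(data)

def triage(note_html):
    parser = NoteTriage()
    parser.feed(note_html)
    parser.close()
    parser.report["active_content"] = bool(parser.report["risky"] or parser.report["handlers"])
    return parser.report
```

On the constructed sample the only script is the window move/resize pair, so `active_content` is false; a note that passes this check is still an artifact of an infection and says nothing about the binary that dropped it.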