Summary | ZeroBOX

Update.exe2.rar

Generic Malware Malicious Packer PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6402 Sept. 18, 2021, 7:44 p.m. Sept. 18, 2021, 7:46 p.m.
Size 78.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 093f098e70cc57a17d02323cbe6cd484
SHA256 ae6020a06d2a95cbe91b439f4433e87d198547dec629ab0900ccfe17e729cff1
CRC32 5E748FC9
ssdeep 1536:PhkWBeG/LEOSsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2Osf:LBe8dSsrQLOJgY8Zp8LHD4XWaNH71dLT
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool (C) Copyright 2001-2005 Microsoft Corp.
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: No items found that satisfy the query.
console_handle: 0x0000000000000007
1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x77baf559
RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x77baf639
RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x77b5df95
HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x76a414dd
update+0x12e16 @ 0xe02e16
update+0x9848 @ 0xdf9848
update+0xa874 @ 0xdfa874
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff
exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653
exception.instruction: jmp 0x77bae667
exception.module: ntdll.dll
exception.exception_code: 0xc0000374
exception.offset: 845395
exception.address: 0x77bae653
registers.esp: 54972056
registers.edi: 5034408
registers.eax: 54972072
registers.ebp: 54972176
registers.edx: 0
registers.ebx: 0
registers.esi: 4063232
registers.ecx: 2147483647
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2496
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x741a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2496
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e81000
process_handle: 0xffffffff
1 0 0
cmdline "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
cmdline cmd.exe /c vssadmin.exe delete shadows /all /quiet
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: cmd.exe
parameters: /c vssadmin.exe delete shadows /all /quiet
filepath: cmd.exe
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeBackupPrivilege
1 1 0
file C:\Python27\agent.pyw
file C:\Python27\include\pyport.h.delta
file C:\Python27\click\click\click_image\exit1.png.delta
file C:\Python27\DLLs\py.ico.delta
file C:\Python27\include\Python-ast.h.delta
file C:\Python27\include\frameobject.h.delta
file C:\Python27\include\longobject.h.delta
file C:\Python27\DLLs\_msi.pyd.delta
file C:\Python27\click\click_image\attach.png.delta
file C:\Python27\click\click_image\doc1.png.delta
file C:\Python27\include\pyfpe.h.delta
file C:\Python27\include\structseq.h.delta
file C:\Python27\README.txt.delta
file C:\Python27\include\ucnhash.h.delta
file C:\Python27\Doc\python2718.chm.delta
file C:\Python27\include\longintrepr.h.delta
file C:\Python27\include\symtable.h.delta
file C:\Python27\include\pythread.h.delta
file C:\Python27\include\classobject.h.delta
file C:\Python27\agent.pyw.delta
file C:\Python27\include\descrobject.h.delta
file C:\Python27\include\pyconfig.h.delta
file C:\Python27\include\bufferobject.h.delta
file C:\Python27\DLLs\_testcapi.pyd.delta
file C:\Python27\include\pymem.h.delta
file C:\Python27\include\pymacconfig.h.delta
file C:\Python27\include\listobject.h.delta
file C:\Python27\click\click\click_image\exec1.png.delta
file C:\Python27\click\click_image\robot.png.delta
file C:\Python27\Lib\bsddb\__init__.py.delta
file C:\Python27\Lib\compiler\misc.py.delta
file C:\Python27\include\pydebug.h.delta
file C:\Python27\click\click_image\ok1.png.delta
file C:\Python27\include\boolobject.h.delta
file C:\Python27\include\cStringIO.h.delta
file C:\Python27\include\ceval.h.delta
file C:\Python27\click\click_image\doc2.png.delta
file C:\Python27\click\click_image\docx2.png.delta
file C:\Python27\include\osdefs.h.delta
file C:\Python27\include\traceback.h.delta
file C:\Python27\DLLs\_ctypes_test.pyd.delta
file C:\Python27\include\funcobject.h.delta
file C:\Python27\include\opcode.h.delta
file C:\Python27\include\errcode.h.delta
file C:\Python27\include\rangeobject.h.delta
file C:\Python27\include\asdl.h.delta
file C:\Python27\include\iterobject.h.delta
file C:\Python27\include\node.h.delta
file C:\Python27\DLLs\_sqlite3.pyd.delta
file C:\Python27\include\pymath.h.delta
file C:\Python27\DLLs\_multiprocessing.pyd.delta
Time & API Arguments Status Return Repeated

NtWriteFile

buffer: ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you Delta Plus 2.3. This software will decrypt all your encrypted files. What guarantees you have? Payment can be made in Bitcoin only. Contact: decryptdelta@gmail.com Bitcoin Address: 3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs 1. Decoding cost The cost of decryption is $6500 dollars USD. We receive payment only in BITCOINS. (Bitcoin is a form of digital currency) Discount 50% available if you contact us first 72 hours, that's price for you is $3250 dollars USD. 2. Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible. 3. Free decryption as guarantee You can send us up to 1 file for free decryption. Size of file must be less than 1 Mb (non archived). We don`t decrypt for test DATABASE, XLS and other important files. Remember this. 4. Decryption process: To decrypt the files, transfer money to our bitcoin wallet number: "3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs". As we receive the money we will send you: 1. Decryption program. 2. Detailed instruction for decryption. 3. And individual keys for decrypting your files. 5. The process of buying bitcoins: The easiest way to buy bitcoins: https://bitfy.app/ https://localbitcoins.com/ https://www.bitpanda.com/ https://paxful.com/ https://www.abra.com/ IMPORTANT! Don`t use coinbase! it take more than 2 week to make coinbase verification. P.S. The easiest way to buy bitcoins in CHINA: https://www.huobi.com/ https://www.bitoex.com/
offset: 0
file_handle: 0x00000350
filepath: C:\Users\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000344
filepath: C:\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000344
filepath: C:\PerfLogs\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000348
filepath: C:\GPKI\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x0000035c
filepath: C:\MSOCache\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x0000034c
filepath: C:\Config.Msi\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000348
filepath: C:\PerfLogs\Admin\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000358
filepath: C:\Python27\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x0000034c
filepath: C:\Python27\click\click\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x0000035c
filepath: C:\Python27\click\click_image\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000344
filepath: C:\Python27\click\click\click_image\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x0000036c
filepath: C:\Python27\click\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000344
filepath: C:\Python27\DLLs\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000384
filepath: C:\Python27\Doc\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000384
filepath: C:\Python27\include\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x000003d8
filepath: C:\Python27\Lib\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000384
filepath: C:\Python27\Lib\bsddb\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x00000380
filepath: C:\Python27\Lib\bsddb\test\Help Restore Your Files.txt
1 0 0

NtWriteFile

offset: 0
file_handle: 0x000003c0
filepath: C:\Python27\Lib\compiler\Help Restore Your Files.txt
1 0 0
cmdline vssadmin.exe delete shadows /all /quiet
cmdline "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
cmdline cmd.exe /c vssadmin.exe delete shadows /all /quiet
Elastic malicious (high confidence)
MicroWorld-eScan Generic.Ransom.Babuk.A.2792F39D
FireEye Generic.mg.093f098e70cc57a1
ALYac Generic.Ransom.Babuk.A.2792F39D
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005782fe1 )
K7GW Trojan ( 005782fe1 )
CrowdStrike win/malicious_confidence_70% (D)
BitDefenderTheta Gen:NN.ZexaF.34142.euW@a0wVUsc
Symantec Ransom.Babuk
ESET-NOD32 a variant of Win32/Filecoder.Babyk.A
APEX Malicious
ClamAV Win.Ransomware.Maze-7473772-0
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Generic.Ransom.Babuk.A.2792F39D
Avast Win32:Malware-gen
Ad-Aware Generic.Ransom.Babuk.A.2792F39D
Sophos ML/PE-A
TrendMicro Ransom.Win32.BABUK.SMRD1
McAfee-GW-Edition BehavesLike.Win32.Generic.lm
Emsisoft Trojan.FileCoder (A)
SentinelOne Static AI - Malicious PE
GData Generic.Ransom.Babuk.A.2792F39D
Avira HEUR/AGEN.1142556
MAX malware (ai score=85)
Arcabit Generic.Ransom.Babuk.A.2792F39D
ZoneAlarm HEUR:Trojan-Ransom.Win32.Generic
Microsoft Ransom:Win32/Babuk.MAK!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Ransomware/Win.Babuk.R441290
Acronis suspicious
McAfee GenericRXNS-AS!093F098E70CC
VBA32 BScope.TrojanRansom.Crypmod
Malwarebytes Malware.AI.3103134655
TrendMicro-HouseCall Ransom.Win32.BABUK.SMRD1
Rising Ransom.Babuk!1.D7A0 (CLASSIC)
Fortinet W32/FilecoderProt.F183!tr.ransom
AVG Win32:Malware-gen
Panda Trj/GdSda.A
MaxSecure Trojan.Malware.121218.susgen