Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 4, 2024, 5 p.m.	July 4, 2024, 5:08 p.m.

Size	55.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a35596ed0bfb34de4e512a3225f8300a`
SHA256	`7c2dbad516d18d2c1c21ecc5792bc232f7b34dadc1bc19e967190d79174131d1`
CRC32	`534DF453`
ssdeep	`1536:gZVYb2bbBisyEcPC00h7sBvvKk+jTc7+T8l7RJV62CzVDL+oWB27evMCUQ:EV+GiVEc6RsMJQ`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware

DeathRansom_1.exe "C:\Users\test22\AppData\Local\Temp\DeathRansom_1.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW July 4, 2024, 4:59 p.m.	computer_name: TEST22-PC	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 4, 2024, 4:59 p.m.		1	1	0

One or more processes crashed (10 events)

Time & API	Arguments	Status
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x20b RtlpUnWaitCriticalSection-0x1c4 ntdll+0x38cb8 @ 0x76f48cb8 RtlpUnWaitCriticalSection+0xbd memmove-0x17 ntdll+0x38f39 @ 0x76f48f39 RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce deathransom_1+0x32bd @ 0x2832bd deathransom_1+0x4706 @ 0x284706 deathransom_1+0x4fea @ 0x284fea RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 56 e8 01 fb 01 00 e9 df 65 fb ff 81 67 14 00 exception.symbol: RtlUlonglongByteSwap+0x5475 RtlFreeOemString-0x1c465 ntdll+0x82865 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000008 exception.offset: 534629 exception.address: 0x76f92865 registers.esp: 6419656 registers.edi: 0 registers.eax: 3221225480 registers.ebp: 6419736 registers.edx: 0 registers.ebx: 0 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x20b RtlpUnWaitCriticalSection-0x1c4 ntdll+0x38cb8 @ 0x76f48cb8 RtlpUnWaitCriticalSection+0x93 memmove-0x41 ntdll+0x38f0f @ 0x76f48f0f RtlImageNtHeader+0x30e RtlDeleteCriticalSection-0x1183 ntdll+0x33472 @ 0x76f43472 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd deathransom_1+0xa7c5 @ 0x28a7c5 RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 56 e8 01 fb 01 00 e9 df 65 fb ff 81 67 14 00 exception.symbol: RtlUlonglongByteSwap+0x5475 RtlFreeOemString-0x1c465 ntdll+0x82865 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000008 exception.offset: 534629 exception.address: 0x76f92865 registers.esp: 55899580 registers.edi: 0 registers.eax: 3221225480 registers.ebp: 55899660 registers.edx: 0 registers.ebx: 0 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0x73a RtlDeleteCriticalSection-0xd57 ntdll+0x3389e @ 0x76f4389e RtlImageNtHeader+0x30e RtlDeleteCriticalSection-0x1183 ntdll+0x33472 @ 0x76f43472 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd deathransom_1+0xa7c5 @ 0x28a7c5 RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000022 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 63764960 registers.edi: 9503036 registers.eax: 3221225506 registers.ebp: 63764960 registers.edx: 0 registers.ebx: 4294967275 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0xb10 RtlDeleteCriticalSection-0x981 ntdll+0x33c74 @ 0x76f43c74 RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce RtlUpcaseUnicodeToMultiByteN+0xdd RtlSetCurrentDirectory_U-0x75 ntdll+0x4919a @ 0x76f5919a WinSqmIncrementDWORD+0x66 RtlGetCurrentDirectory_U-0x122 ntdll+0x60f1b @ 0x76f70f1b RtlDetermineDosPathNameType_U+0x2ba RtlReleaseRelativeName-0xe ntdll+0x3a8f3 @ 0x76f4a8f3 RtlDosPathNameToNtPathName_U_WithStatus+0x18 LdrAccessResource-0x898 ntdll+0x41678 @ 0x76f51678 GetFileAttributesW+0x1a GetFileAttributesExW-0x9d kernelbase+0x18b28 @ 0x75988b28 New_kernel32_GetFileAttributesW@4+0x32 New_kernel32_GetFileInformationByHandle@8-0xc7 @ 0x736e8fa4 GetLongPathNameW+0x63 FindActCtxSectionStringW-0x398 kernel32+0x1a378 @ 0x755ca378 path_get_full_pathW+0x474 path_get_full_path_handle-0xa8 @ 0x736dd6eb path_get_full_path_objattr+0x3d reg_get_key-0x3d2 @ 0x736dd8d6 New_ntdll_NtCreateFile@44+0x16f New_ntdll_NtCreateKey@28-0xd9 @ 0x736edc35 CreateFileW+0x35e CreateFileA-0x13d kernelbase+0x1b634 @ 0x7598b634 CreateFileW+0x4a GetFullPathNameW-0x12e kernel32+0x13fa6 @ 0x755c3fa6 deathransom_1+0xa72e @ 0x28a72e RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000024 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 73394724 registers.edi: 9503036 registers.eax: 3221225508 registers.ebp: 73394724 registers.edx: 0 registers.ebx: 4294966235 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0xb10 RtlDeleteCriticalSection-0x981 ntdll+0x33c74 @ 0x76f43c74 RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce deathransom_1+0xa78b @ 0x28a78b RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000024 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 77985804 registers.edi: 9503036 registers.eax: 3221225508 registers.ebp: 77985804 registers.edx: 0 registers.ebx: 4294966239 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0xb10 RtlDeleteCriticalSection-0x981 ntdll+0x33c74 @ 0x76f43c74 RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce deathransom_1+0xa890 @ 0x28a890 deathransom_1+0xa98b @ 0x28a98b deathransom_1+0xa98b @ 0x28a98b deathransom_1+0xa98b @ 0x28a98b deathransom_1+0xa98b @ 0x28a98b deathransom_1+0xba2a @ 0x28ba2a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000024 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 4976460 registers.edi: 9503036 registers.eax: 3221225508 registers.ebp: 4976460 registers.edx: 0 registers.ebx: 4294966243 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0x73a RtlDeleteCriticalSection-0xd57 ntdll+0x3389e @ 0x76f4389e RtlImageNtHeader+0x30e RtlDeleteCriticalSection-0x1183 ntdll+0x33472 @ 0x76f43472 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd deathransom_1+0xa7c5 @ 0x28a7c5 RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000024 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 66909776 registers.edi: 9503036 registers.eax: 3221225508 registers.ebp: 66909776 registers.edx: 0 registers.ebx: 4294966247 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0xb10 RtlDeleteCriticalSection-0x981 ntdll+0x33c74 @ 0x76f43c74 RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce deathransom_1+0x32bd @ 0x2832bd deathransom_1+0x4706 @ 0x284706 deathransom_1+0x4fea @ 0x284fea RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000024 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 70318232 registers.edi: 9503036 registers.eax: 3221225508 registers.ebp: 70318232 registers.edx: 0 registers.ebx: 4294966251 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0xb10 RtlDeleteCriticalSection-0x981 ntdll+0x33c74 @ 0x76f43c74 RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce deathransom_1+0xa78b @ 0x28a78b RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000024 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 34796908 registers.edi: 9503036 registers.eax: 3221225508 registers.ebp: 34796908 registers.edx: 0 registers.ebx: 4294966255 registers.esi: 9503032 registers.ecx: 1931095561	1
__exception__ July 4, 2024, 4:59 p.m.	stacktrace: RtlIntegerToUnicodeString+0x3c5 RtlpUnWaitCriticalSection-0xa ntdll+0x38e72 @ 0x76f48e72 RtlImageNtHeader+0xb10 RtlDeleteCriticalSection-0x981 ntdll+0x33c74 @ 0x76f43c74 RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce deathransom_1+0x32bd @ 0x2832bd deathransom_1+0x4706 @ 0x284706 deathransom_1+0x4fea @ 0x284fea RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc 64 8b 15 18 00 00 00 8b 42 30 f6 80 40 02 00 exception.symbol: RtlUlonglongByteSwap+0x5368 RtlFreeOemString-0x1c572 ntdll+0x82758 exception.instruction: int3 exception.module: ntdll.dll exception.exception_code: 0xc0000024 exception.offset: 534360 exception.address: 0x76f92758 registers.esp: 68417416 registers.edi: 9503036 registers.eax: 3221225508 registers.ebp: 68417416 registers.edx: 0 registers.ebx: 4294966259 registers.esi: 9503032 registers.ecx: 1931095561	1

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 4, 2024, 4:59 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733c2000 process_handle: 0xffffffff	1	0	0

Attempts to detect Cuckoo Sandbox through the presence of a file (1 event)

file	C:\Python27\agent.pyw

Writes a potential ransom message to disk (20 events)

Time & API	Arguments	Status
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002d0 filepath: C:\Users\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002dc filepath: C:\GPKI\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f4 filepath: C:\MSOCache\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f0 filepath: C:\PerfLogs\Admin\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f0 filepath: C:\PerfLogs\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f8 filepath: C:\Python27\click\click\click_image\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f8 filepath: C:\Python27\click\click\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f8 filepath: C:\Python27\click\click_image\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002d0 filepath: C:\Python27\click\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x00000328 filepath: C:\Python27\DLLs\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x00000328 filepath: C:\Python27\Doc\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x00000328 filepath: C:\Python27\include\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f8 filepath: C:\Python27\Lib\bsddb\test\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f4 filepath: C:\Python27\Lib\bsddb\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x0000032c filepath: C:\Python27\Lib\compiler\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x00000334 filepath: C:\Python27\Lib\ctypes\macholib\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x00000334 filepath: C:\Python27\Lib\ctypes\test\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x00000334 filepath: C:\Python27\Lib\ctypes\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x00000334 filepath: C:\Python27\Lib\curses\read_me.txt	1
NtWriteFile July 4, 2024, 4:59 p.m.	buffer: --= DEATHRANSOM =--- *********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED******************* *FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*** All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email death@firemail.cc and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email death@cumallover.me death@firemail.cc Your LOCK-ID: ld29TA+2QjqhWVNtwoezkKV4Zvr3c+SbdzW+c3F4nTUtQ++cF/NOoW6FL2QMOVczlxcF+oA/wtwF0IXlzIALl2ytPRPlXHULS9tVygxoLvyeo05VvxoDywmn9ouxW8iS/geF4MhTjta+NPX+fNKyHwDU2ubDVXsTFa6DrBmGHhmrnbqrCHg6BB8u1hSqdbnH49DnRta/eem4x49TBjVZ7kXtfRj3rrQWVECbSqbSnceh2NUfxVnO699TVLbcA2H/prk5h8VmzPTO1XXJqxmAuTd6fN1q6wm5WB2+7LWRDRr5NlXpfA8diE+bGyAjGRbagZaLQhr747dM0pOVpZRIbqUiVNXKguAcClU5AVnOsEZr5gRdHne9AxHhdK1t6vKaY5rMvNfZenss0txAm91go2EXJYmTFmx5y1l1theJdDOkuQ7LWrgep2lpy19MkhtZKYkxnWP21OYjKDnl0qnDvVVh18PLw79nHYigmdL+9EleP8mXOJXkqeA8yom25eMFxSqlf0MIEkCWibSPvOgf1jEf/DeGYylF4hKRYt1kimD3U8FkeHcNmM4ogMifB6xzS3IjAuQotu4DnICJZFTig3OggFuVuJV2F9SdRQYwPLeeSci1fog2nicahsLuNSmXwTlxDg9GpA4aKnbheqorKGQKLS15f/dAm8k/HiD/dHkFNa9XOGyBb36r6B7t+QWBCUHQzvJA1IwAV8hM2kiqnw== >>>How to obtain bitcoin: The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ >>> Free decryption as guarantee! Before paying you send us up to 1 file for free decryption. We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb) IN ORDER TO PREVENT DATA DAMAGE: 1. Do not rename encrypted files. 2. Do not try to decrypt your data using third party software, it may cause permanent data loss. 3. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. offset: 0 file_handle: 0x000002f4 filepath: C:\Python27\Lib\distutils\command\read_me.txt	1

Performs 150 file moves indicative of a ransomware file encryption process (50 out of 150 events)

Time & API	Arguments	Status	Return
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\cuckoo_2172.ini.wctc flags: 2 oldfilepath_r: \\?\C:\cuckoo_2172.ini newfilepath: C:\cuckoo_2172.ini.wctc oldfilepath: C:\cuckoo_2172.ini	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\log.txt.wctc flags: 2 oldfilepath_r: \\?\C:\log.txt newfilepath: C:\log.txt.wctc oldfilepath: C:\log.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\readme.txt.wctc flags: 2 oldfilepath_r: \\?\C:\readme.txt newfilepath: C:\readme.txt.wctc oldfilepath: C:\readme.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\GPKI\gpki.cer.wctc flags: 2 oldfilepath_r: \\?\C:\GPKI\gpki.cer newfilepath: C:\GPKI\gpki.cer.wctc oldfilepath: C:\GPKI\gpki.cer	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\agent.pyw.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\agent.pyw newfilepath: C:\Python27\agent.pyw.wctc oldfilepath: C:\Python27\agent.pyw	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click.pyw.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click.pyw newfilepath: C:\Python27\click\click.pyw.wctc oldfilepath: C:\Python27\click\click.pyw	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\LICENSE.txt.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\LICENSE.txt newfilepath: C:\Python27\LICENSE.txt.wctc oldfilepath: C:\Python27\LICENSE.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\NEWS.txt.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\NEWS.txt newfilepath: C:\Python27\NEWS.txt.wctc oldfilepath: C:\Python27\NEWS.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\python.exe.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\python.exe newfilepath: C:\Python27\python.exe.wctc oldfilepath: C:\Python27\python.exe	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\README.txt.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\README.txt newfilepath: C:\Python27\README.txt.wctc oldfilepath: C:\Python27\README.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exec.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exec.png newfilepath: C:\Python27\click\click\click_image\exec.png.wctc oldfilepath: C:\Python27\click\click\click_image\exec.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exec1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exec1.png newfilepath: C:\Python27\click\click\click_image\exec1.png.wctc oldfilepath: C:\Python27\click\click\click_image\exec1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exit.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exit.png newfilepath: C:\Python27\click\click\click_image\exit.png.wctc oldfilepath: C:\Python27\click\click\click_image\exit.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exit1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exit1.png newfilepath: C:\Python27\click\click\click_image\exit1.png.wctc oldfilepath: C:\Python27\click\click\click_image\exit1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\open.PNG.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\open.PNG newfilepath: C:\Python27\click\click\click_image\open.PNG.wctc oldfilepath: C:\Python27\click\click\click_image\open.PNG	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\open1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\open1.png newfilepath: C:\Python27\click\click\click_image\open1.png.wctc oldfilepath: C:\Python27\click\click\click_image\open1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click_image\exec.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click_image\exec.png newfilepath: C:\Python27\click\click_image\exec.png.wctc oldfilepath: C:\Python27\click\click_image\exec.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\py.ico.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\py.ico newfilepath: C:\Python27\DLLs\py.ico.wctc oldfilepath: C:\Python27\DLLs\py.ico	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click_image\open.PNG.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click_image\open.PNG newfilepath: C:\Python27\click\click_image\open.PNG.wctc oldfilepath: C:\Python27\click\click_image\open.PNG	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click_image\open1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click_image\open1.png newfilepath: C:\Python27\click\click_image\open1.png.wctc oldfilepath: C:\Python27\click\click_image\open1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\pyc.ico.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\pyc.ico newfilepath: C:\Python27\DLLs\pyc.ico.wctc oldfilepath: C:\Python27\DLLs\pyc.ico	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Doc\python2718.chm.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Doc\python2718.chm newfilepath: C:\Python27\Doc\python2718.chm.wctc oldfilepath: C:\Python27\Doc\python2718.chm	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\sqlite3.dll.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\sqlite3.dll newfilepath: C:\Python27\DLLs\sqlite3.dll.wctc oldfilepath: C:\Python27\DLLs\sqlite3.dll	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\tclpip85.dll.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\tclpip85.dll newfilepath: C:\Python27\DLLs\tclpip85.dll.wctc oldfilepath: C:\Python27\DLLs\tclpip85.dll	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\unicodedata.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\unicodedata.pyd newfilepath: C:\Python27\DLLs\unicodedata.pyd.wctc oldfilepath: C:\Python27\DLLs\unicodedata.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\winsound.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\winsound.pyd newfilepath: C:\Python27\DLLs\winsound.pyd.wctc oldfilepath: C:\Python27\DLLs\winsound.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_bsddb.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_bsddb.pyd newfilepath: C:\Python27\DLLs\_bsddb.pyd.wctc oldfilepath: C:\Python27\DLLs\_bsddb.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_ctypes_test.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_ctypes_test.pyd newfilepath: C:\Python27\DLLs\_ctypes_test.pyd.wctc oldfilepath: C:\Python27\DLLs\_ctypes_test.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_elementtree.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_elementtree.pyd newfilepath: C:\Python27\DLLs\_elementtree.pyd.wctc oldfilepath: C:\Python27\DLLs\_elementtree.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_msi.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_msi.pyd newfilepath: C:\Python27\DLLs\_msi.pyd.wctc oldfilepath: C:\Python27\DLLs\_msi.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_multiprocessing.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_multiprocessing.pyd newfilepath: C:\Python27\DLLs\_multiprocessing.pyd.wctc oldfilepath: C:\Python27\DLLs\_multiprocessing.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_sqlite3.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_sqlite3.pyd newfilepath: C:\Python27\DLLs\_sqlite3.pyd.wctc oldfilepath: C:\Python27\DLLs\_sqlite3.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_testcapi.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_testcapi.pyd newfilepath: C:\Python27\DLLs\_testcapi.pyd.wctc oldfilepath: C:\Python27\DLLs\_testcapi.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\abstract.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\abstract.h newfilepath: C:\Python27\include\abstract.h.wctc oldfilepath: C:\Python27\include\abstract.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\asdl.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\asdl.h newfilepath: C:\Python27\include\asdl.h.wctc oldfilepath: C:\Python27\include\asdl.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\abc.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\abc.py newfilepath: C:\Python27\Lib\abc.py.wctc oldfilepath: C:\Python27\Lib\abc.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\db.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\db.py newfilepath: C:\Python27\Lib\bsddb\db.py.wctc oldfilepath: C:\Python27\Lib\bsddb\db.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\ast.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\ast.h newfilepath: C:\Python27\include\ast.h.wctc oldfilepath: C:\Python27\include\ast.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbobj.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbobj.py newfilepath: C:\Python27\Lib\bsddb\dbobj.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbobj.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bitset.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bitset.h newfilepath: C:\Python27\include\bitset.h.wctc oldfilepath: C:\Python27\include\bitset.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\boolobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\boolobject.h newfilepath: C:\Python27\include\boolobject.h.wctc oldfilepath: C:\Python27\include\boolobject.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbrecio.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbrecio.py newfilepath: C:\Python27\Lib\bsddb\dbrecio.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbrecio.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bufferobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bufferobject.h newfilepath: C:\Python27\include\bufferobject.h.wctc oldfilepath: C:\Python27\include\bufferobject.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\abc.pyc.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\abc.pyc newfilepath: C:\Python27\Lib\abc.pyc.wctc oldfilepath: C:\Python27\Lib\abc.pyc	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\aifc.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\aifc.py newfilepath: C:\Python27\Lib\aifc.py.wctc oldfilepath: C:\Python27\Lib\aifc.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbshelve.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbshelve.py newfilepath: C:\Python27\Lib\bsddb\dbshelve.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbshelve.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bytearrayobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bytearrayobject.h newfilepath: C:\Python27\include\bytearrayobject.h.wctc oldfilepath: C:\Python27\include\bytearrayobject.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbtables.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbtables.py newfilepath: C:\Python27\Lib\bsddb\dbtables.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbtables.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\antigravity.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\antigravity.py newfilepath: C:\Python27\Lib\antigravity.py.wctc oldfilepath: C:\Python27\Lib\antigravity.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bytesobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bytesobject.h newfilepath: C:\Python27\include\bytesobject.h.wctc oldfilepath: C:\Python27\include\bytesobject.h	1	1

Appends a new file extension or content to 150 files indicative of a ransomware file encryption process (50 out of 150 events)

Time & API	Arguments	Status	Return
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\cuckoo_2172.ini.wctc flags: 2 oldfilepath_r: \\?\C:\cuckoo_2172.ini newfilepath: C:\cuckoo_2172.ini.wctc oldfilepath: C:\cuckoo_2172.ini	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\log.txt.wctc flags: 2 oldfilepath_r: \\?\C:\log.txt newfilepath: C:\log.txt.wctc oldfilepath: C:\log.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\readme.txt.wctc flags: 2 oldfilepath_r: \\?\C:\readme.txt newfilepath: C:\readme.txt.wctc oldfilepath: C:\readme.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\GPKI\gpki.cer.wctc flags: 2 oldfilepath_r: \\?\C:\GPKI\gpki.cer newfilepath: C:\GPKI\gpki.cer.wctc oldfilepath: C:\GPKI\gpki.cer	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\agent.pyw.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\agent.pyw newfilepath: C:\Python27\agent.pyw.wctc oldfilepath: C:\Python27\agent.pyw	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click.pyw.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click.pyw newfilepath: C:\Python27\click\click.pyw.wctc oldfilepath: C:\Python27\click\click.pyw	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\LICENSE.txt.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\LICENSE.txt newfilepath: C:\Python27\LICENSE.txt.wctc oldfilepath: C:\Python27\LICENSE.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\NEWS.txt.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\NEWS.txt newfilepath: C:\Python27\NEWS.txt.wctc oldfilepath: C:\Python27\NEWS.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\python.exe.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\python.exe newfilepath: C:\Python27\python.exe.wctc oldfilepath: C:\Python27\python.exe	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\README.txt.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\README.txt newfilepath: C:\Python27\README.txt.wctc oldfilepath: C:\Python27\README.txt	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exec.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exec.png newfilepath: C:\Python27\click\click\click_image\exec.png.wctc oldfilepath: C:\Python27\click\click\click_image\exec.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exec1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exec1.png newfilepath: C:\Python27\click\click\click_image\exec1.png.wctc oldfilepath: C:\Python27\click\click\click_image\exec1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exit.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exit.png newfilepath: C:\Python27\click\click\click_image\exit.png.wctc oldfilepath: C:\Python27\click\click\click_image\exit.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\exit1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\exit1.png newfilepath: C:\Python27\click\click\click_image\exit1.png.wctc oldfilepath: C:\Python27\click\click\click_image\exit1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\open.PNG.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\open.PNG newfilepath: C:\Python27\click\click\click_image\open.PNG.wctc oldfilepath: C:\Python27\click\click\click_image\open.PNG	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click\click_image\open1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click\click_image\open1.png newfilepath: C:\Python27\click\click\click_image\open1.png.wctc oldfilepath: C:\Python27\click\click\click_image\open1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click_image\exec.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click_image\exec.png newfilepath: C:\Python27\click\click_image\exec.png.wctc oldfilepath: C:\Python27\click\click_image\exec.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\py.ico.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\py.ico newfilepath: C:\Python27\DLLs\py.ico.wctc oldfilepath: C:\Python27\DLLs\py.ico	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click_image\open.PNG.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click_image\open.PNG newfilepath: C:\Python27\click\click_image\open.PNG.wctc oldfilepath: C:\Python27\click\click_image\open.PNG	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\click\click_image\open1.png.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\click\click_image\open1.png newfilepath: C:\Python27\click\click_image\open1.png.wctc oldfilepath: C:\Python27\click\click_image\open1.png	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\pyc.ico.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\pyc.ico newfilepath: C:\Python27\DLLs\pyc.ico.wctc oldfilepath: C:\Python27\DLLs\pyc.ico	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Doc\python2718.chm.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Doc\python2718.chm newfilepath: C:\Python27\Doc\python2718.chm.wctc oldfilepath: C:\Python27\Doc\python2718.chm	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\sqlite3.dll.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\sqlite3.dll newfilepath: C:\Python27\DLLs\sqlite3.dll.wctc oldfilepath: C:\Python27\DLLs\sqlite3.dll	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\tclpip85.dll.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\tclpip85.dll newfilepath: C:\Python27\DLLs\tclpip85.dll.wctc oldfilepath: C:\Python27\DLLs\tclpip85.dll	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\unicodedata.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\unicodedata.pyd newfilepath: C:\Python27\DLLs\unicodedata.pyd.wctc oldfilepath: C:\Python27\DLLs\unicodedata.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\winsound.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\winsound.pyd newfilepath: C:\Python27\DLLs\winsound.pyd.wctc oldfilepath: C:\Python27\DLLs\winsound.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_bsddb.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_bsddb.pyd newfilepath: C:\Python27\DLLs\_bsddb.pyd.wctc oldfilepath: C:\Python27\DLLs\_bsddb.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_ctypes_test.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_ctypes_test.pyd newfilepath: C:\Python27\DLLs\_ctypes_test.pyd.wctc oldfilepath: C:\Python27\DLLs\_ctypes_test.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_elementtree.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_elementtree.pyd newfilepath: C:\Python27\DLLs\_elementtree.pyd.wctc oldfilepath: C:\Python27\DLLs\_elementtree.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_msi.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_msi.pyd newfilepath: C:\Python27\DLLs\_msi.pyd.wctc oldfilepath: C:\Python27\DLLs\_msi.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_multiprocessing.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_multiprocessing.pyd newfilepath: C:\Python27\DLLs\_multiprocessing.pyd.wctc oldfilepath: C:\Python27\DLLs\_multiprocessing.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_sqlite3.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_sqlite3.pyd newfilepath: C:\Python27\DLLs\_sqlite3.pyd.wctc oldfilepath: C:\Python27\DLLs\_sqlite3.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\DLLs\_testcapi.pyd.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\DLLs\_testcapi.pyd newfilepath: C:\Python27\DLLs\_testcapi.pyd.wctc oldfilepath: C:\Python27\DLLs\_testcapi.pyd	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\abstract.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\abstract.h newfilepath: C:\Python27\include\abstract.h.wctc oldfilepath: C:\Python27\include\abstract.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\asdl.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\asdl.h newfilepath: C:\Python27\include\asdl.h.wctc oldfilepath: C:\Python27\include\asdl.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\abc.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\abc.py newfilepath: C:\Python27\Lib\abc.py.wctc oldfilepath: C:\Python27\Lib\abc.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\db.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\db.py newfilepath: C:\Python27\Lib\bsddb\db.py.wctc oldfilepath: C:\Python27\Lib\bsddb\db.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\ast.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\ast.h newfilepath: C:\Python27\include\ast.h.wctc oldfilepath: C:\Python27\include\ast.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbobj.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbobj.py newfilepath: C:\Python27\Lib\bsddb\dbobj.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbobj.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bitset.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bitset.h newfilepath: C:\Python27\include\bitset.h.wctc oldfilepath: C:\Python27\include\bitset.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\boolobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\boolobject.h newfilepath: C:\Python27\include\boolobject.h.wctc oldfilepath: C:\Python27\include\boolobject.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbrecio.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbrecio.py newfilepath: C:\Python27\Lib\bsddb\dbrecio.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbrecio.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bufferobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bufferobject.h newfilepath: C:\Python27\include\bufferobject.h.wctc oldfilepath: C:\Python27\include\bufferobject.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\abc.pyc.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\abc.pyc newfilepath: C:\Python27\Lib\abc.pyc.wctc oldfilepath: C:\Python27\Lib\abc.pyc	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\aifc.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\aifc.py newfilepath: C:\Python27\Lib\aifc.py.wctc oldfilepath: C:\Python27\Lib\aifc.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbshelve.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbshelve.py newfilepath: C:\Python27\Lib\bsddb\dbshelve.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbshelve.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bytearrayobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bytearrayobject.h newfilepath: C:\Python27\include\bytearrayobject.h.wctc oldfilepath: C:\Python27\include\bytearrayobject.h	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\bsddb\dbtables.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\bsddb\dbtables.py newfilepath: C:\Python27\Lib\bsddb\dbtables.py.wctc oldfilepath: C:\Python27\Lib\bsddb\dbtables.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\Lib\antigravity.py.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\Lib\antigravity.py newfilepath: C:\Python27\Lib\antigravity.py.wctc oldfilepath: C:\Python27\Lib\antigravity.py	1	1
MoveFileWithProgressW July 4, 2024, 4:59 p.m.	newfilepath_r: \\?\C:\Python27\include\bytesobject.h.wctc flags: 2 oldfilepath_r: \\?\C:\Python27\include\bytesobject.h newfilepath: C:\Python27\include\bytesobject.h.wctc oldfilepath: C:\Python27\include\bytesobject.h	1	1

File has been identified by 66 AntiVirus engines on VirusTotal as malicious (50 out of 66 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.DeathRansom.4!c
Elastic	Windows.Ransomware.Hellokitty
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.qh
ALYac	Trojan.Ransom.DEATHRansom
Cylance	Unsafe
VIPRE	Generic.Ransom.Death.C779B2AC
Sangfor	Trojan.Win32.Generic.ky
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Generic.Ransom.Death.C779B2AC
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.d0bfb3
Arcabit	Generic.Ransom.Death.C779B2AC
VirIT	Trojan.Win32.Ransom.BRK
Symantec	Downloader
tehtris	Generic.Malware
ESET-NOD32	Win32/Filecoder.DeathRansom.B
APEX	Malicious
McAfee	Ransomware-GUC!A35596ED0BFB
Avast	Win32:DeathRansom-A [Trj]
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Ransom:Win32/generic.ali2000010
NANO-Antivirus	Trojan.Win32.Encoder.giysar
MicroWorld-eScan	Generic.Ransom.Death.C779B2AC
Rising	Ransom.Death!1.BF5C (CLASSIC)
Emsisoft	Generic.Ransom.Death.C779B2AC (B)
F-Secure	Trojan.TR/FileCoder.pgzbl
DrWeb	Trojan.Encoder.30115
Zillya	Trojan.Filecoder.Win32.11115
TrendMicro	Ransom.Win32.DEATHRANSOM.THKBOAIA
McAfeeD	Real Protect-LS!A35596ED0BFB
FireEye	Generic.mg.a35596ed0bfb34de
Sophos	Mal/Generic-S
Ikarus	Trojan-Ransom.DeathRansom
Jiangmin	Trojan.Generic.eivkk
Webroot	W32.Ransom.Deathransom
Google	Detected
Avira	TR/FileCoder.pgzbl
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Fuerboos
Kingsoft	malware.kb.a.1000
Gridinsoft	Ransom.Win32.DeathRansom.dd!s1
Xcitium	Malware@#rlp7bi2rrhwy
Microsoft	Ransom:MacOS/FileCoder
ViRobot	Trojan.Win32.S.DeathRansom.56320
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Generic.Ransom.Death.C779B2AC
Varist	W32/Death.EXIH-4433
AhnLab-V3	Malware/Win32.Generic.C3577333

DeathRansom_1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All