13 May, 2022 - 08:36 AM
(06 May, 2020 - 06:11 PM)MiNdFuCkErY_1337skid Wrote: Show MoretinksFirst, the script checks if it's in a sandbox, debugger, vm, etc, and try bypass it.
It then encrypts all files starting with the defined directory on the line 60 in deathransom.py.
Then, downloads the ransom request script, disable cmd, taskmanager and the registry tools. And starts the counter to delete the files.