MD5: fb928ff89fc25fa5b3c4586d0f73fc0c
h/t @malwrhunterteam 

Whitelisted files:

boot.ini;bootfont.bin;bootsect.bak;desktop.ini;ctfmon.exe;iconcache.db;master.exe;master.dat;ntdetect.com;ntldr;ntuser.dat;ntuser.dat.log;ntuser.ini;thumbs.db;

Note:

YOUR FILES ARE ENCRYPTED !!!.TXT

Whitelisted Folders:

:\$RECYCLE.BIN\;:\$Windows.~bt\;:\RECYCLER;:\System Volume Information\;:\Windows.old\;:\Windows\;:\intel\;:\nvidia\;:\inetpub\logs\;\All Users\;\AppData\;\Apple Computer\Safari\;\Application Data\;\Boot\;\Google\;\Google\Chrome\;\Mozilla Firefox\;\Mozilla\;\Opera Software\;\Opera\;\Tor Browser\;\Common Files\;\Internet Explorer\;\Windows Defender\;\Windows Mail\;\Windows Media Player\;\Windows Multimedia Platform\;\Windows NT\;\Windows Photo Viewer\;\Windows Portable Devices\;\WindowsPowerShell\;\Windows Photo Viewer\;\Windows Security\;\Embedded Lockdown Manager\;\Windows Journal\;\MSBuild\;\Reference Assemblies\;\Windows Sidebar\;\Windows Defender Advanced Threat Protection\;\Microsoft\;\Package Cache\;\Microsoft Help\;

Buran Note:
                        !!!ALL DATA ON THIS PC HAS BEEN ENCRYPTED !!!
                                          Your ID: <!--ID-->
To decrypted files, you need to otbtain private key. 
The single copy of the private key, with will allow you to decrypt the files, is locate on a 
secret server on the internet;
The server will destroy the key within 48h after encryption completed.
    To decrypt them send e-mail to this address: 
    surpriseN1@aol.com  or surpriseN1@protonmail.com
That you trusted us you can send 1 file NOT containing valuable information for decoding
Attention!
* Maybe you are busy looking for a way to recover your files, but do not waste your time, 
  nobody can recover your files without our decryption service.
* Do not rename encrypted files. 
* Do not try to decrypt your data using third party software, it may cause permanent data loss.

Process kill:

agntsvc.exe;agntsvc.exeagntsvc.exe;agntsvc.exeencsvc.exe;agntsvc.exeisqlplussvc.exe;anvir.exe;anvir64.exe;ccleaner.exe;ccleaner64.exe;dbeng50.exe;dbsnmp.exe;encsvc.exe;far.exe;firefoxconfig.exe;infopath.exe;isqlplussvc.exe;msaccess.exe;msftesql.exe;mspub.exe;mydesktopqos.exe;mydesktopservice.exe;mysqld-nt.exe;mysqld-opt.exe;mysqld.exe;ncsvc.exe;ocautoupds.exe;ocomm.exe;ocssd.exe;oracle.exe;procexp.exe;regedit.exe;sqbcoreservice.exe;sqlagent.exe;sqlbrowser.exe;sqlserver.exe;sqlservr.exe;sqlwriter.exe;synctime.exe;taskkill.exe;tasklist.exe;tbirdconfig.exe;visio.exe;xfssvccon.exe;sql.exe;oracle.exe;apache.exe;tomcat.exe;tomcat6.exe;u8.exe;ufida.exe;backup.exe;kingdee.exe;

Whitelisted extensios:

.bat
.cmd
.com
.cpl
.dll
.msc
.msp
.pif
.scr
.sys
.log
.exe
.buran

Regisry Storage:

HKCU\Software\Buran
                    -> Knock (iplogger)
              \Service
                    -> Public
                    -> Private