Technical Information
- %TEMP%\bb14.tmp\bb15.tmp\bb16.bat
- <Current directory>\zip.exe
- <Current directory>\unzip.exe
- <Current directory>\cryptohack.bat
- <Current directory>\persist.cmd
- %HOMEPATH%\documents\ransom.log
- <Full path to file>
- <Current directory>\unzip.exe
- <Current directory>\zip.exe
- <Current directory>\cryptohack.bat
- <Current directory>\persist.cmd
- <Current directory>\zip.exe
- <Current directory>\unzip.exe
- <Current directory>\cryptohack.bat
- <Current directory>\persist.cmd
- %TEMP%\bb14.tmp\bb15.tmp\bb16.bat
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\BB14.tmp\BB15.tmp\BB16.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\BB14.tmp\BB15.tmp\BB16.bat <Full path to file>"
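- '<SYSTEM32>\attrib.exe' +r +h +s *.exe (sets the read-only, hidden and system attributes on matching files; likewise for the next two entries)
- '<SYSTEM32>\attrib.exe' +r +h +s *.bat
- '<SYSTEM32>\attrib.exe' +r +h +s *.cmd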
- '<SYSTEM32>\cmd.exe' /K CryptoHack.bat
- '<SYSTEM32>\cmd.exe' /K persist.cmd