Technical Information
- '<Current directory>\ransomwareendix.exe'
- '<SYSTEM32>\wscript.exe' "<Current directory>\msgbox.vbs"
- '<Current directory>\ransomware.exe'
- '<Current directory>\ransomwaremass.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen <Current directory>\ransom.jpg
- '<SYSTEM32>\reg.exe' add "?key?" /v "Start page" /d "http://te##.bcs.com/admin/my_documents/my_files/keyvairus.html" /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\3\3.bat" <Current directory>\ransomwareendix.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1\1.bat" <Current directory>\ransomware.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2\2.bat" <Current directory>\ransomwaremass.exe"
- %TEMP%\2\2.bat
- %TEMP%\1\1.bat
- <Current directory>\msgbox.vbs
- %TEMP%\3\3.bat
- <Current directory>\ransomwareendix.exe
- <Current directory>\ransom.jpg
- <Current directory>\ransomware.exe
- <Current directory>\ransomwaremass.exe
- %TEMP%\3\3.bat
- %TEMP%\2\2.bat
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''