dEEpEst
Posted September 1, 2019

"# mock-ransomware"

Release\ransomware.exe

Go to test folder, notice the permission changes, change them back to see the encrypted text

Delete copied malware inside of \\Users\\<name>\\ransomwaredirectory

open up regedit to also delete persistent keys

reg DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ransomware_pwn /f
The operation completed successfully.

reg QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run to verify

To view the driver installed

C:\> sc query MyCustomBeep

SERVICE_NAME: MyCustomBeep
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          :
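The cleanup checks from the post, collected into one verification script. This is an added example, not part of the original post or the project's code; the Run value `ransomware_pwn` and the service `MyCustomBeep` are taken from the post, and the function names are hypothetical.

```powershell
# Added example: confirm the persistence artifacts named in the post are gone.
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'ransomware_pwn'   # value name from the post
$svcName  = 'MyCustomBeep'     # driver service name from the post

function Get-RunValue {
    param([string]$Key, [string]$Name)
    # Returns the command line stored in the Run value, or $null if it is absent.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { return $prop.$Name }
    return $null
}

function Get-DriverServiceEntry {
    param([string]$Name)
    # Every service, kernel drivers included, has a key under Services.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Name      = $Name
        Type      = $p.Type       # 1 = kernel driver
        Start     = $p.Start      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        ImagePath = $p.ImagePath  # file the driver loads from
    }
}

$findings = @()

$cmd = Get-RunValue -Key $runKey -Name $runValue
if ($null -ne $cmd) {
    $findings += "Run value '$runValue' still present, launches: $cmd"
}

$svc = Get-DriverServiceEntry -Name $svcName
if ($null -ne $svc) {
    $findings += "Service '$svcName' still registered (Type=$($svc.Type), " +
                 "Start=$($svc.Start), ImagePath=$($svc.ImagePath))"
}

if ($findings.Count -eq 0) {
    Write-Output 'Clean: neither the Run value nor the driver service was found.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND: $_" }
}
```

A `STOPPED` state in `sc query` only means the driver is not loaded; the service entry reported here stays registered until it is deleted.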