A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2
2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining disk information, the program begins […]