The bypass works by deleting the antivirus service in safe mode, disabling the internet connection, and setting the date to 2037, which bypasses cloud protection and makes the license appear expired.
All credit goes to HydraDragonAntivirus and winball501 (inspired by orangegrouptech, GitHub: github.com/ora...).
How the ransomware works: When it is executed, it encrypts files with a random key using AES-256. The random AES key is then encrypted with the attacker's public key using RSA-2048 and saved to the PC as a unique ID, and the PC is restarted to delete the unencrypted key from memory. If you follow the attacker's orders, you give the unique ID to the attacker, who decrypts it on his own PC with his RSA private key and gives you the unencrypted key by email. After that, you can decrypt your files. So you have no luck if you don't pay :)
This ransomware certainly did not infect any PC; it is just for testing. Even the email is not real.
So you will not be infected.
Meanwhile, if quantum computers become common and more developed, RSA could be easily cracked; I don't think that will be real for 40+ years.
1) Disabling UAC, of course, so the malware can run after the restart
2) Registry modification to run at startup
3) Changing the system date as a general antivirus bypass, so that products like Bitdefender and Kaspersky see their license as ended
4) Disabling the internet for cloud bypass
5) The ransomware executes itself after the antivirus has been removed
6) Safe mode to bypass the antivirus and remove it
7) Rebooting to avoid antivirus blocking while running the payload
Github: github.com/Hyd...
Notice: winball501 might have made mistakes during the video, but the malware was not changed during the test.
Also, Bitdefender had been removed, so even if he clicks Bitdefender it is not going to start.
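From the defender's side, the seven steps listed above are each visible in host telemetry, and several of them occurring on one machine within a short time is a strong signal. The following is an added example, not code from the video or its authors: it correlates those behaviors per host. The event schema (`kind`, `ingested`, `security_product`) and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def classify(e):
    """Map one normalized event (assumed schema) to a behavior name, or None."""
    k = e["kind"]
    if k == "registry_set":
        key = e["key"].lower()
        if key.endswith(r"\policies\system\enablelua") and e["value"] == 0:
            return "uac_disabled"
        if r"\currentversion\run" in key:
            return "autorun_added"
    if k == "time_change" and e["new_time"] - e["old_time"] > timedelta(days=365):
        return "clock_jump_forward"  # ignores NTP drift and DST-sized changes
    if k == "service_deleted" and e.get("security_product"):
        return "av_service_deleted"
    if k in ("safeboot_set", "network_disabled"):
        return k
    return None

def correlate(events, window=timedelta(hours=1), threshold=3):
    """Return {host: behaviors} for hosts with >= threshold distinct behaviors
    inside `window`. Ordering uses the collector's receive time ('ingested'),
    not the endpoint clock, because the endpoint clock is what gets changed."""
    hits = {}
    for e in sorted(events, key=lambda e: e["ingested"]):
        b = classify(e)
        if b:
            hits.setdefault(e["host"], []).append((e["ingested"], b))
    alerts = {}
    for host, seq in hits.items():
        for i, (start, _) in enumerate(seq):
            seen = {b for t, b in seq[i:] if t - start <= window}
            if len(seen) >= threshold:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample events; host names and values are made up.
T0 = datetime(2024, 5, 1, 10, 0)
HKLM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
def ev(host, mins, kind, **kw):
    return {"host": host, "ingested": T0 + timedelta(minutes=mins), "kind": kind, **kw}
SAMPLE = [
    ev("pc-1", 0, "registry_set", key=HKLM + r"\Policies\System\EnableLUA", value=0),
    ev("pc-1", 1, "registry_set", key=HKLM + r"\Run\example", value="C:\\example.exe"),
    ev("pc-1", 2, "time_change", old_time=T0, new_time=datetime(2037, 1, 1)),
    ev("pc-1", 3, "safeboot_set"),
    ev("pc-2", 0, "time_change", old_time=T0, new_time=T0 + timedelta(hours=1)),
    ev("pc-2", 5, "network_disabled"),
]
```

Because the clock change in step 3 corrupts endpoint timestamps for everything that follows, any correlation window has to be keyed on a time source the endpoint does not control.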