Major Characteristics:

- Offline encryption
- Creates a fake "Windows Update" message
- Modifies the Windows hosts file (C:\Windows\System32\drivers\etc\hosts) to block security web sites
- Disables and blocks Task Manager (DisableTaskmgr)
- Disables Windows Defender (Set-MpPreference -DisableRealtimeMonitoring $true, "C:\Program Files\Windows Defender\mpcmdrun.exe" -removedefinitions -all)
- Reruns by adding a "Time Trigger Task" in Task Scheduler to run "%LocalAppData%\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.tmp.exe --Task" every 5 minutes
- Generates additional info-stealer malware
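
A detection sketch for the Defender, scheduled-task and hosts-file behaviours listed above, added here as an example and not taken from the original write-up. The rule names, the sample command lines, the watched domain (av-vendor.example), the character set allowed in each <Random> segment and the list of sink addresses are all assumptions.

```python
import re

# Patterns for the command lines quoted in the list above. The page does not
# say what <Random> looks like; [0-9A-Za-z]+ per segment is an assumption.
CMD_RULES = {
    "defender_realtime_off": re.compile(
        r'Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)\b', re.I),
    "defender_definitions_removed": re.compile(
        r'mpcmdrun(\.exe)?"?\s+-removedefinitions\s+-all\b', re.I),
    "task_persistence": re.compile(
        r'(%LocalAppData%|\\AppData\\Local)\\(?:[0-9A-Za-z]+-){4}[0-9A-Za-z]+'
        r'\\[^\\"]+\.tmp\.exe"?\s+--Task\b', re.I),
}

# Assumption: "blocked" hosts entries point at loopback or null addresses.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}

def scan_command_line(cmdline):
    """Return the names of all rules matching one process command line."""
    return sorted(n for n, rx in CMD_RULES.items() if rx.search(cmdline))

def blocked_security_hosts(hosts_text, watched_domains):
    """Return watched domains (or subdomains) redirected to a sink address."""
    hits = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in watched_domains):
                hits.add(name)
    return sorted(hits)

# Constructed sample telemetry (not taken from a real infection).
SAMPLE_CMDLINES = [
    r'powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true',
    r'"C:\Program Files\Windows Defender\mpcmdrun.exe" -removedefinitions -all',
    r'C:\Users\alice\AppData\Local\1a2b3c4d-aaaa-bbbb-cccc-0123456789ab\9f3e.tmp.exe --Task',
    r'C:\Users\alice\AppData\Local\Temp\setup.tmp.exe --Task',  # benign look-alike
]
SAMPLE_HOSTS = ("# constructed sample\n127.0.0.1 localhost\n"
                "127.0.0.1 www.av-vendor.example  # added entry\n"
                "192.0.2.10 intranet.corp.example\n")

if __name__ == "__main__":
    for c in SAMPLE_CMDLINES:
        print(scan_command_line(c), c)
    print(blocked_security_hosts(SAMPLE_HOSTS, {"av-vendor.example"}))
```

The last sample command line has no five-segment directory, so it matches no rule even though it ends in ".tmp.exe --Task".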