Hi, I have just run ransomware on my computer in auto sandbox; in the end all the folders are safe except the Downloads folder (the ransomware itself has also been encrypted).
After that I ran it on the desktop. Again, all the folders are safe except the Downloads folder… (the ransomware itself has not been encrypted).
In both scenarios, the extortion letter appears in the Downloads folder.
I am using CIS 10.0.1.6223.
Windows 10 1703 15063.296
default setting
If you want to play around with malware, then you should get a Virtual Machine.
“[X] Do not virtualize access to the specified files/folders”
Programs in the sandbox are allowed to save and modify data in this area.
If you try to execute an unknown from the download folder it will be sandboxed.
Good if you want to run a web browser inside the sandbox and still allow you to save settings/bookmarks without them disappearing,
you can uncheck this setting if you want, or modify it to your needs.
Thanks a lot