I’ve never known @Robbie to be wrong, now Roboman... You always learn something new. Although I will never admit I did not know that, and I will deny every accusation of it.
When I took a closer look at the code of this BAT, I found a few "certutil -decode" commands after many "certutil -encode" commands. Some files were hidden in the BAT file as arrays of bytes, for example a whole mp3 file. But the files extracted/decoded from the malware were not related to encrypting files on disk. As @cruelsister noticed, the ransomware job was done by very simple code. The malware followed this path:

My first thought was that the big batch file contained base64-encoded malware, which was then decoded using the "certutil -decode" command line, like in the example below:
BAT file based Ransomware targeting people in China – SonicWall
But ver. 3.3 did not use such a command line; only "certutil -encode" was used. The video also suggests using only the "certutil -encode" command line.
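
The encode-versus-decode distinction discussed in this thread can be checked statically. The following is an added example, not part of the original posts and not code from the sample: it lists where a batch script calls "certutil -encode" or "certutil -decode" and whether Base64 data is embedded in it. The function name `triage_certutil`, the verdict labels and both sample scripts are constructed for illustration.

```python
import re

# A certutil call and its codec verb; certutil accepts both "-" and "/" switches.
CERTUTIL_RE = re.compile(
    r"\bcertutil(?:\.exe)?\b[^\r\n|&]*?[-/](encode|decode)(?:hex)?\b", re.IGNORECASE)
# Header that "certutil -encode" writes at the top of its Base64 output.
PEM_HEADER = "-----BEGIN CERTIFICATE-----"
# A long unbroken Base64 run, typical of a payload stored inside a script.
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{60,}={0,2}")


def triage_certutil(script_text):
    """Return certutil encode/decode line numbers, blob lines and a verdict."""
    encode_lines, decode_lines, blob_lines = [], [], []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        # Skip batch comments so commented-out commands are not counted.
        if line.strip().lower().startswith(("rem ", "::")):
            continue
        for match in CERTUTIL_RE.finditer(line):
            is_encode = match.group(1).lower() == "encode"
            (encode_lines if is_encode else decode_lines).append(lineno)
        if PEM_HEADER in line or B64_RUN_RE.search(line):
            blob_lines.append(lineno)
    if decode_lines and blob_lines:
        verdict = "embedded-payload-decoded"      # Base64 stored in the script, then decoded
    elif decode_lines:
        verdict = "decode-without-embedded-blob"  # decodes data obtained elsewhere
    elif encode_lines:
        verdict = "encode-only"                   # only transforms files already on disk
    else:
        verdict = "no-certutil-codec-use"
    return {"encode": encode_lines, "decode": decode_lines,
            "blobs": blob_lines, "verdict": verdict}


# Constructed sample scripts (not taken from the malware discussed above).
SAMPLE_ENCODE_ONLY = (
    "@echo off\n"
    "rem certutil -decode old.b64 old.bin\n"
    'for %%f in (*.txt) do certutil -encode "%%f" "%%f.enc"\n')
SAMPLE_EMBEDDED = (
    "@echo off\n"
    "echo -----BEGIN CERTIFICATE----- > p.b64\n"
    "echo " + "QUJDREVG" * 10 + " >> p.b64\n"
    "certutil.exe -f -decode p.b64 p.bin\n")

if __name__ == "__main__":
    for name, text in (("encode-only", SAMPLE_ENCODE_ONLY), ("embedded", SAMPLE_EMBEDDED)):
        print(name, triage_certutil(text))
```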