Техническая информация
- '%ALLUSERSPROFILE%\Application Data\WipeShadow.exe'
- '<SYSTEM32>\cmd.exe' /K "%ALLUSERSPROFILE%\Application Data\WipeShadow.exe"
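- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "f2d422a8-a03a-4180-ae03-ff4b1c506f8e" /t REG_SZ /d "%ALLUSERSPROFILE%\Application Data\WipeShadow.exe" & exit
  (эта команда добавляет в ключ автозапуска HKLM\...\Run параметр с именем в виде GUID, указывающий на WipeShadow.exe, — так обеспечивается запуск файла при входе пользователя в систему)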
- WipeShadow.exe
- %ALLUSERSPROFILE%\Application Data\.Identifier
- %ALLUSERSPROFILE%\Application Data\WipeShadow.exe
- %ALLUSERSPROFILE%\Application Data\.Identifier
- %ALLUSERSPROFILE%\Application Data\WipeShadow.exe
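- 'do#####re.dyndns.org':3360
- DNS ASK do#####re.dyndns.org
  (сетевая активность: обращение к хосту на порт 3360 и DNS-запрос его имени; часть имени хоста скрыта символами # в самом описании)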
- ClassName: 'Shell_TrayWnd' WindowName: ''