Technical Information
- '%APPDATA%\WipeShadows.exe'
- '<SYSTEM32>\cmd.exe' /K "%APPDATA%\WipeShadows.exe"
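- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "627c4901-75b2-4c29-b273-fb1cf0490e76" /t REG_SZ /d "%APPDATA%\WipeShadows.exe" & exit
  (Autorun persistence: this adds a value with a GUID-style name under the machine-wide Run key, pointing at %APPDATA%\WipeShadows.exe, so the file is launched at each logon.)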
- WipeShadows.exe
- %APPDATA%\23EF5514-3059-436F-A4A7-4CEFAAB20EB1\run.dat
- %APPDATA%\WipeShadows.exe
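- '18#.#1.158.18':6666
  (Network endpoint on port 6666. The '#' characters appear to be masking applied by the source, so the full address cannot be recovered from this listing.)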