Техническая информация
- '%ALLUSERSPROFILE%\Application Data\WipeShadowup.exe'
- '<SYSTEM32>\cmd.exe' /K "%ALLUSERSPROFILE%\Application Data\WipeShadowup.exe"
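- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "ae6a41b6-9c29-4488-b207-5b4e0b833d11" /t REG_SZ /d "%ALLUSERSPROFILE%\Application Data\WipeShadowup.exe" & exit
  (Закрепление в системе: команда создаёт в разделе автозапуска HKLM\Software\Microsoft\Windows\CurrentVersion\Run параметр с именем в виде GUID, указывающий на WipeShadowup.exe, поэтому файл запускается при каждом входе пользователя в систему. Ключ /f перезаписывает существующий параметр без запроса подтверждения.)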
- WipeShadowup.exe
- %APPDATA%\23EF5514-3059-436F-A4A7-4CEFAAB20EB1\run.dat
- %ALLUSERSPROFILE%\Application Data\WipeShadowup.exe
- %ALLUSERSPROFILE%\Application Data\WipeShadowup.exe
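- 'dr###r.ddns.net':9034
- DNS ASK dr###r.ddns.net
  (Сетевая активность: соединение с узлом по порту 9034 и DNS-запрос того же имени. Символы ### в имени узла, по-видимому, являются маскировкой в исходном отчёте, поэтому строку нельзя использовать как точный индикатор; для поиска в журналах DNS и прокси подойдёт шаблон по известным частям имени в сочетании с портом 9034.)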