Техническая информация
Для обеспечения автозапуска записывает параметр в ключ реестра Run:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18328afc-fe6e-450d-bcb2-4832824a54e1' = '%ALLUSERSPROFILE%\Application Data\wipeshadow.exe'
Запускает процессы со следующими командными строками:
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "18328afc-fe6e-450d-bcb2-4832824a54e1" /t REG_SZ /d "%ALLUSERSPROFILE%\Application Data\wipeshadow.exe"
- '<SYSTEM32>\cmd.exe' /K %ALLUSERSPROFILE%\Application Data\wipeshadow.exe
- '<SYSTEM32>\cmd.exe' /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "18328afc-fe6e-450d-bcb2-4832824a54e1" /t REG_SZ /d "%ALLUSERSPROFILE%\Application Data\wipeshadow.exe" & exit
- %ALLUSERSPROFILE%\Application Data\wipeshadow.exe
- %ALLUSERSPROFILE%\Application Data\wipeshadow.exe