Technical Information
- '%TEMP%\wipeshadow\wipeshadow.exe'
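- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "%APPDATA%\WipeShadow.exe"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 1000
  (Note: `-n 1 -w 1000` sends a single echo request and waits at most 1000 ms, so the ping works as a short delay before `Del` removes the copy in %APPDATA%. The address 1.1.1.1 is only the ping target and should not be treated as a C2 indicator on its own.)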
- '%TEMP%\wipeshadow\wipeshadow.exe'
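- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "7d8953cd-5d0d-4c1a-a7f0-5aafe99126c9" /t REG_SZ /d "%APPDATA%\WipeShadow.exe" & exit
  (Note: this is the persistence step. It adds a GUID-named value to the machine-wide Run key so that %APPDATA%\WipeShadow.exe starts at logon. Writing under HKLM normally requires administrative rights. A Run value whose data points into %APPDATA% is a useful detection pivot.)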
- '<SYSTEM32>\cmd.exe' /K "%APPDATA%\WipeShadow.exe"
- '%APPDATA%\WipeShadow.exe'
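- wipeshadow.exe
- %APPDATA%\Imminent\Logs\21-03-2017
  (Note: date-named log folder, dd-mm-yyyy. The %APPDATA%\Imminent\Logs layout resembles the one used by the Imminent Monitor remote-access tool; treat this as a lead to confirm, not as a family attribution.)
- %TEMP%\wipeshadow\wipeshadow.exe
- %APPDATA%\WipeShadow.exe
- %APPDATA%\WipeShadow.exe
  (Note: the page does not state which file operation (create, delete or move) each path in this group belongs to. The repeated entries presumably come from different operations on the same file.)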
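- 'ra####.linkpc.net':6666
- DNS ASK ra####.linkpc.net
  (Note: the "####" characters are masked in the source, so the full hostname cannot be recovered from this page. The first entry is a connection to port 6666 and the second is the DNS query for the same name. linkpc.net is a dynamic-DNS domain, so the resolved address can change and matching on the hostname is more durable than blocking an IP address.)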
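- ClassName: 'Shell_TrayWnd' WindowName: ''
  (Note: this is a window lookup by class name. Shell_TrayWnd is the window class of the Windows taskbar. The page does not say what the sample does with the window once found.)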