Technical Information
- %TEMP%\is-l4072.tmp\is-3kr3o.tmp
- %TEMP%\is-mp0vj.tmp\_isetup\_regdll.tmp
- %TEMP%\is-mp0vj.tmp\_isetup\_setup64.tmp
- %TEMP%\is-mp0vj.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-mp0vj.tmp\_isetup\_iscrypt.dll
- %ProgramFiles(x86)%\secure wipe\is-8mql5.tmp
- %ProgramFiles(x86)%\secure wipe\is-vhu66.tmp
- %ProgramFiles(x86)%\secure wipe\is-057lm.tmp
- %ProgramFiles(x86)%\secure wipe\unins000.dat
- %ProgramFiles(x86)%\secure wipe\secure wipe.exe
- %TEMP%\iobit.cab
- from %ProgramFiles(x86)%\secure wipe\is-8mql5.tmp to %ProgramFiles(x86)%\secure wipe\unins000.exe
- from %ProgramFiles(x86)%\secure wipe\is-vhu66.tmp to %ProgramFiles(x86)%\secure wipe\turbosearch.exe
- from %ProgramFiles(x86)%\secure wipe\is-057lm.tmp to %ProgramFiles(x86)%\secure wipe\secure wipe.exe
- 'so###como.gq':80
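- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?56####### (Microsoft's root-certificate trust list download, fetched by Windows itself during certificate validation; routine OS traffic, not an indicator on its own)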
- http://so###como.gq/new/net_api
- DNS ASK so###como.gq
- ClassName: 'SecureWipeInstallWindowsNameSXB12' WindowName: ''
- '%TEMP%\is-l4072.tmp\is-3kr3o.tmp' /SL4 $120146 "<Full path to file>" 5046768 48128
- '%ProgramFiles(x86)%\secure wipe\secure wipe.exe'
- '%ProgramFiles(x86)%\secure wipe\secure wipe.exe' 2ab56869fe4cfcc6ee3a64455d6e1d76
- '%WINDIR%\syswow64\schtasks.exe' /Query
- '%WINDIR%\syswow64\schtasks.exe' /Delete /F /TN "Secure Wipe 1"