Техническая информация
- %TEMP%\is-2tum3.tmp\is-pgkrj.tmp
- %TEMP%\is-pjr3q.tmp\_isetup\_regdll.tmp
- %TEMP%\is-pjr3q.tmp\_isetup\_setup64.tmp
- %TEMP%\is-pjr3q.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-pjr3q.tmp\_isetup\_iscrypt.dll
- %ProgramFiles(x86)%\secure wipe\is-q0p2i.tmp
- %ProgramFiles(x86)%\secure wipe\is-tn92i.tmp
- %ProgramFiles(x86)%\secure wipe\is-t341p.tmp
- %ProgramFiles(x86)%\secure wipe\unins000.dat
- %ProgramFiles(x86)%\secure wipe\secure wipe.exe
- %TEMP%\iobit.cab
- %ProgramFiles(x86)%\secure wipe\is-q0p2i.tmp в %ProgramFiles(x86)%\secure wipe\unins000.exe
- %ProgramFiles(x86)%\secure wipe\is-tn92i.tmp в %ProgramFiles(x86)%\secure wipe\turbosearch.exe
- %ProgramFiles(x86)%\secure wipe\is-t341p.tmp в %ProgramFiles(x86)%\secure wipe\secure wipe.exe
- 'tu####lotneli.cf':80
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?56#######
- http://tu####lotneli.cf/new/net_api
- DNS ASK tu####lotneli.cf
- ClassName: 'SecureWipeInstallWindowsNameSWR3' WindowName: ''
- '%TEMP%\is-2tum3.tmp\is-pgkrj.tmp' /SL4 $B0230 "<Полный путь к файлу>" 4685368 53248
- '%ProgramFiles(x86)%\secure wipe\secure wipe.exe'
- '%ProgramFiles(x86)%\secure wipe\secure wipe.exe' afa9e702f8ce7a36400b4de48c21eb01
- '%WINDIR%\syswow64\schtasks.exe' /Query
- '%WINDIR%\syswow64\schtasks.exe' /Delete /F /TN "Secure Wipe"