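Техническая информация
(Подзаголовки разделов в этой копии отчёта не сохранились: ниже подряд идут командные строки, пути к файлам, сетевые адреса и запросы, а также записи ClassName/WindowName окон. Символ «#» в именах хостов и IP-адресах, по-видимому, маскирует часть значения в источнике, поэтому такие строки не являются точными индикаторами.)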
- '%WINDIR%\inf\alg.exe' /install /silent
- '%WINDIR%\inf\alg.exe' (загружен из сети Интернет)
- '<SYSTEM32>\reg.exe' ADD "SYSTEM\CurrentControlSet\Services\WSALG2" /v "FailureActions" /t REG_BINARY /f /d "00000000000000000000000003000000530065000100000060ea00000100000060ea00000100000060ea0000"
- '<SYSTEM32>\net1.exe' start "Application Layer Gateway Service2"
- '%WINDIR%\explorer.exe' http://www.ir#.gov/pub/irs-pdf/f941.pdf
- '<SYSTEM32>\regsvr32.exe' /i /s %WINDIR%\inf\AcroIEHelper.dll
- %WINDIR%\inf\AcroIEHelper.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\f941[1].pdf
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\2[1].jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\1[1].jpg
- %WINDIR%\inf\alg.exe
- 'localhost':1039
- 'www.ir#.gov':80
- 'localhost':1037
- '91.##6.122.60':80
- www.ir#.gov/pub/irs-pdf/f941.pdf
- 91.##6.122.60/2.jpg
- 91.##6.122.60/1.jpg
- DNS ASK www.ir#.gov
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'