Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\931576896] 'Name' = '"%TEMP%\srvAE8.tmp"'
- [<HKLM>\SYSTEM\ControlSet001\Services\srvAE8] 'Start' = '00000002'
- <SYSTEM32>\spoolsv.exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S9A3GHQZ\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0HE7WP2Z\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\desktop.ini
- %TEMP%\srvAE8.tmp
- %TEMP%\srvAE8.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01234567\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0HE7WP2Z\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\desktop.ini
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S9A3GHQZ\desktop.ini
- %TEMP%\srvAE8.tmp
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01234567\desktop.ini
- '19#.#4.112.136':80
- '19#.#4.112.138':80
- '<IP-адрес в локальной сети>':80
- '<IP-адрес в локальной сети>':445
- '<IP-адрес в локальной сети>':139
- 19#.#4.112.138/service/listener.php?af#########
- 19#.#4.112.136//srv