Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Intel(R) Common Key Interface cache' = '<Full path to the virus>'
- <LS_APPDATA>\webcache.xml
- 'ca###.#sqlserver.com':80
- ca###.#sqlserver.com/update2/cache_update.php
- ca###.#sqlserver.com/update2/submit_ticket.php
- DNS ASK ca###.#sqlserver.com
- ClassName: 'Indicator' WindowName: ''