Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\bxnstjewcu] 'Start' = '00000002'
- '%WINDIR%\bxnstjewcu.exe' "" "<Full path to the virus>"
- '%WINDIR%\bxnstjewcu.exe'
- <SYSTEM32>\config\systemprofile\Ky7d757rdtfygug4.ini
- %WINDIR%\ssleay32.dll
- %WINDIR%\bxnstjewcu.exe
- <SYSTEM32>\config\systemprofile\gx1tdfggdtwy1wp5qwe1.ini
- 'www.bu#######onnectionexchange.ca':80
- www.bu#######onnectionexchange.ca/cp/admin_log.php?99##################
- DNS ASK www.bu#######onnectionexchange.ca