Техническая информация
- "%TEMP%\s_xztmp0.exe" (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\bibibei_00005[1].exe
- %TEMP%\s_xztmp1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\IEProt_2.1.826.1_3013_Setup[1].exe
- %TEMP%\s_xztmp0.exe
- 'www.bi##bei.com':80
- 'd1.##azhai8.net':80
- www.bi##bei.com/bibibei_00005.exe
- d1.##azhai8.net/products/0902/8/IEProt_2.1.826.1_3013_Setup.exe
- DNS ASK www.bi##bei.com
- DNS ASK d1.##azhai8.net