Technical information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ThePerformer' = '%ALLUSERSPROFILE%\MicrosoftUpdater.exe'
- %ALLUSERSPROFILE%\microsoftupdater.exe
- %ALLUSERSPROFILE%\emit.dll
- %ALLUSERSPROFILE%\microsoftupdater.exe
- http://de####rld.xp3.biz/from.txt
- http://de####rld.xp3.biz/pass.txt
- http://de####rld.xp3.biz/to.txt
- DNS ASK de####rld.xp3.biz
- DNS ASK er#.####webhostingarea.com
- '%ALLUSERSPROFILE%\microsoftupdater.exe'