Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Essential Updater' = '%ALLUSERSPROFILE%\application data\updates\microsoftsecurityclient.exe'
- '%ALLUSERSPROFILE%\Application Data\Updates\MicrosoftSecurityClient.exe'
- Библиотека-обработчик для всех процессов: %ALLUSERSPROFILE%\Application Data\Updates\Uam.dll
- %ALLUSERSPROFILE%\Application Data\Updates\Windows Defender.exe
- %ALLUSERSPROFILE%\Application Data\Lib\ShellExtention.dll
- %ALLUSERSPROFILE%\Application Data\Updates\DB.xml
- %ALLUSERSPROFILE%\Application Data\Updates\MicrosoftSecurityClient.exe
- %ALLUSERSPROFILE%\Application Data\Updates\Uam.dll
- %ALLUSERSPROFILE%\Application Data\Updates\UPDL.dll
- 'po#.#mail.com':995
- DNS ASK po#.#mail.com