Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ThePerformer' = '%ALLUSERSPROFILE%\MicrosoftUpdater.exe'
- %ALLUSERSPROFILE%\microsoftupdater.exe
- %ALLUSERSPROFILE%\emit.dll
- <Current directory>\sys.txt
- %ALLUSERSPROFILE%\sys.txt
- %ALLUSERSPROFILE%\microsoftupdater.exe
- DNS ASK sm##.gmail.com
- DNS ASK fa###web.9f.com
- '%ALLUSERSPROFILE%\microsoftupdater.exe'