Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OracleUpdater' = ''
- %TEMP%\clrss.exe
- <SYSTEM32>\wscript.exe "%TEMP%\Temp21.vbs"
- %TEMP%\clrss.exe
- %TEMP%\Temp21.vbs
- %APPDATA%\OracleUpdater.zgy
- %TEMP%\Temp21.vbs
- 'rs####une.mooo.com':4445
- DNS ASK rs####une.mooo.com
- ClassName: 'Indicator' WindowName: ''