Техническая информация
- Автозапуск (раздел реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WiGCq' = '<SYSTEM32>\exds.exe'
- '<SYSTEM32>\regini.exe' "%TEMP%\uucRftC.ini" (regini применяет к реестру изменения, описанные в указанном файле-сценарии)
- '<SYSTEM32>\icacls.exe' "<SYSTEM32>\exds.exe" /grant Users:F (выдаёт группе Users полный доступ к файлу, прописанному в автозапуск)
- '<SYSTEM32>\takeown.exe' /f "<SYSTEM32>\exds.exe" (передаёт владение файлом текущему пользователю)
- %TEMP%\uucRftC.ini
- <SYSTEM32>\exds.exe
- %TEMP%\uucRftC.ini