Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Autostart' = 'wincmd.exe'
- '<SYSTEM32>\cmd.exe' /c rename %windir%\IWorm.exe wincmd.exe
- '<SYSTEM32>\cmd.exe' /c move hosts <DRIVERS>\etc
- '<SYSTEM32>\cmd.exe' /c cd %windir%
- '<SYSTEM32>\cmd.exe' /c cd
- '<SYSTEM32>\cmd.exe' /c copy IWorm.exe %windir%
- <Текущая директория>\hosts
- ClassName: 'ConsoleWindowClass' WindowName: ''
- ClassName: '' WindowName: 'IWorm'