Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Server' = '%WINDIR%\Rundll32.exe'
- [<HKLM>\SOFTWARE\Classes\txtfile\shell\open\command] '' = '"<SYSTEM32>\N0TEPAD.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\inifile\shell\open\command] '' = '"<SYSTEM32>\N0TEPAD.exe" "%1"'
- %WINDIR%\Rundll32.exe
- <SYSTEM32>\N0TEPAD.exe
- '17#.#1.1.153':16789
- ClassName: 'I love you' WindowName: '????????????????????????????????????????'