Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'qazxswdfdf' = 'c:\osowsys16.pif'
- 'C:\osowsys16.pif'
- '%TEMP%\wO0t.cmd'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- ClassName: 'TibiaClient' WindowName: ''
- C:\osowsys16.pif
- %TEMP%\wO0t.cmd
- C:\osowsys16.pif
- %TEMP%\$mad$res$00000b24$952500$
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''