Техническая информация
- '%APPDATA%\svchost.exe'
- '<SYSTEM32>\cmd.exe' /K "%APPDATA%\svchost.exe"
- '<SYSTEM32>\reg.exe' reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "8ebc3019-3139-4b22-ab04-40c9a0d676a6" /t REG_SZ /d "%APPDATA%\svchost.exe" & exit
- svchost.exe
- ClassName: 'TibiaClient', WindowName: ''
- %APPDATA%\svchost.exe
- ClassName: 'Qt5QWindowOwnDCIcon' WindowName: ''
- ClassName: 'TibiaClientPreview' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''