Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Acememes' = '%WINDIR%\Wenmemor.exe'
- ClassName: 'TibiaClient', WindowName: ''
- %WINDIR%\wenmemor.exe
- DNS ASK ev###oft.com
- ClassName: 'PoFВ qeAdefI' WindowName: ''
- ClassName: 'AAAAAClient' WindowName: ''
- ClassName: 'DirectX5Wnd' WindowName: ''