Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nPBrLaLjl' = 'control.exe "%PROGRAM_FILES%\TGMbIhKStgYXf\nPBrLaLjl.cpl",0,1'
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL "%PROGRAM_FILES%\TGMbIhKStgYXf\nPBrLaLjl.cpl",0,1
- <SYSTEM32>\control.exe "%PROGRAM_FILES%\TGMbIhKStgYXf\nPBrLaLjl.cpl",0,1
- <SYSTEM32>\rundll32.exe Shell32.dll,Control_RunDLL ""%TEMP%\Rm6lC5r0bqb.dll"",0,-9
- %TEMP%\n1s.cab
- %TEMP%\n1s.exe
- %PROGRAM_FILES%\TGMbIhKStgYXf\nPBrLaLjl.cpl
- %TEMP%\Rm6lC5r0bqb.dll
- %TEMP%\setup.exe
- %TEMP%\Rm6lC5r0bqb.dll
- ClassName: '' WindowName: 'Switch Sound File Converter Plus'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'Switch Sound File Converter'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'NCHSoftware_InstanceWindow' WindowName: 'Switch'