Техническая информация
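- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe] 'Debugger' = '"<SYSTEM32>\vr5T\5mLdR\system.exe" "r"' — отладчик, назначенный через Image File Execution Options, запускается Windows вместо userinit.exe, поэтому system.exe получает управление при каждом входе пользователя в систему. В штатной системе параметра 'Debugger' у userinit.exe быть не должно; его наличие само по себе является признаком компрометации.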
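- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\vr5T\5mLdR\system.exe' = '<SYSTEM32>\vr5T\5mLdR\system.exe:*:Enabled:RPC' — запись в списке AuthorizedApplications стандартного профиля разрешает system.exe сетевые соединения через брандмауэр Windows для любых адресов (*). Отображаемое имя исключения — «RPC», что, по-видимому, маскирует его под системный компонент.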
- <SYSTEM32>\vr5T\5mLdR\system.exe
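- <SYSTEM32>\netsh.exe firewall add allowedprogram "<SYSTEM32>\vr5T\5mLdR\system.exe" "system.exe" ENABLE — команда netsh добавляет system.exe в список разрешённых программ брандмауэра Windows; запуск netsh.exe с такими аргументами стоит искать в журналах создания процессов.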
- %PROGRAM_FILES%\zBLK\pnvh\config.cfg
- <SYSTEM32>\vr5T\5mLdR\config.cfg
- %PROGRAM_FILES%\zBLK\pnvh\deRof.exe
- <SYSTEM32>\vr5T\5mLdR\system.exe