Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\phylock] 'ImagePath' = 'system32\drivers\phylock.sys'
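- [<HKLM>\SYSTEM\ControlSet001\Services\phylock] 'Start' = '00000000' (значение 0 соответствует SERVICE_BOOT_START: драйвер загружается загрузчиком ОС на этапе начальной загрузки системы)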
- '%TEMP%\7ZipSfx.000\setup.exe' /i
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZipSfx.000\phylock.cmd" "
- %TEMP%\7ZipSfx.000\phylock.x64.sys
- %TEMP%\7ZipSfx.000\phylock.w7.x64.sys
- %TEMP%\7ZipSfx.000\phylock.xp.sys
- <DRIVERS>\phylock.sys
- %TEMP%\7ZipSfx.000\setup.exe
- %TEMP%\7ZipSfx.000\phylock.w7.sys
- %TEMP%\7ZipSfx.000\phylock.cmd
- %TEMP%\7ZipSfx.000\phylock.2k.sys
- %TEMP%\7ZipSfx.000\phylock.nt.sys
- %TEMP%\7ZipSfx.000\phylock.w10.x64.sys
- %TEMP%\7ZipSfx.000\phylock.w10.sys
- %TEMP%\7ZipSfx.000\phylock.w7.x64.sys
- %TEMP%\7ZipSfx.000\phylock.w7.sys
- %TEMP%\7ZipSfx.000\phylock.x64.sys
- %TEMP%\7ZipSfx.000\setup.exe
- %TEMP%\7ZipSfx.000\phylock.xp.sys
- %TEMP%\7ZipSfx.000\phylock.cmd
- %TEMP%\7ZipSfx.000\phylock.2k.sys
- %TEMP%\7ZipSfx.000\phylock.nt.sys
- %TEMP%\7ZipSfx.000\phylock.w10.x64.sys
- %TEMP%\7ZipSfx.000\phylock.w10.sys