Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\ProDefense2] 'ImagePath' = '<DRIVERS>\ProDefense2.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\neokdss] 'ImagePath' = '<DRIVERS>\neokdss.sys'
- NtOpenProcess, handler driver: ProDefense2.sys
- NtOpenThread, handler driver: ProDefense2.sys
- <SYSTEM32>\kcu86s.dll
- <SYSTEM32>\kcu86.dll
- <SYSTEM32>\proDefense.dll
- <DRIVERS>\ProDefense2.sys
- <DRIVERS>\kck86s.sys
- <DRIVERS>\neokdss.sys
- <SYSTEM32>\Kdfhok.dll
- <SYSTEM32>\kdfapi.dll
- <SYSTEM32>\kdfdec.dll
- %WINDIR%\uninstallkdf8.exe
- <DRIVERS>\ProDefense2.sys
- ClassName: '#32770' WindowName: 'BC??????????'
- ClassName: '#32770' WindowName: 'BC카드결제창'
- ClassName: '#32770' WindowName: 'KB??????????????'
- ClassName: '#32770' WindowName: 'KB국민카드결제창'
- ClassName: '#32770' WindowName: '???????? ????'
- ClassName: '#32770' WindowName: '안전결제 인증'
- ClassName: 'TFrmMain' WindowName: 'BankPay ?????? ???? ??????'
- ClassName: 'TFrmMain' WindowName: 'BankPay 인터넷 결제 서비스'