Техническая информация
- [<HKLM>\SOFTWARE\Classes\Wordpad.Document.1\shell\open\command] '' = '"%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /n /dde'
- [<HKLM>\SYSTEM\ControlSet001\Services\Estdlock] 'Start' = '00000001'
- NtQueryInformationProcess, драйвер-обработчик: Estdlock.sys
- NtOpenFile, драйвер-обработчик: Estdlock.sys
- NtCreateFile, драйвер-обработчик: Estdlock.sys
- <DRIVERS>\Estdlock.sys
- %APPDATA%\ESafeNet_Out\ODMGuard.exe
- %APPDATA%\ESafeNet_Out\ODMHook.exe
- \Device\Esafenet\EncryDisk0\6B934F2D24F243E72284e08\¦ф+и+о¦L¦г¬·IN¦·+¬-и-э10-21.xls
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %APPDATA%\ESafeNet_Out\EDFAT16.eed
- %APPDATA%\ESafeNet_Out\COCfg.xml
- %WINDIR%\CDGOUT.LOG
- %APPDATA%\ESafeNet_Out\Estdlock.sys
- %APPDATA%\ESafeNet_Out\ODMHook.dll
- %APPDATA%\ESafeNet_Out\FileLock.dll
- %APPDATA%\ESafeNet_Out\FT_ET99_API.dll
- \Device\Esafenet\EncryDisk0\6B934F2D24F243E72284e08\¦ф+и+о¦L¦г¬·IN¦·+¬-и-э10-21.xls