Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Estdlock] 'Start' = '00000001'
- '%APPDATA%\ESafeNet_Out_NewVersion\ODMHook.exe' InstallDrv /keepit /service:Estdlock
- NtOpenProcess, драйвер-обработчик: Estdlock.sys
- NtQueryInformationProcess, драйвер-обработчик: Estdlock.sys
- NtCreateFile, драйвер-обработчик: Estdlock.sys
- NtOpenFile, драйвер-обработчик: Estdlock.sys
- %APPDATA%\ESafeNet_Out_NewVersion\EDFAT16.eed
- %WINDIR%\CDGODMHook.LOG
- %APPDATA%\ESafeNet_Out_NewVersion\ODMHook64.exe
- %APPDATA%\ESafeNet_Out_NewVersion\ODMGuard.exe
- <DRIVERS>\Estdlock.sys
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\rp.log
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- \Device\Esafenet\EncryDisk0\F03749C60EF1B19B24e1608\附件2:PIR保冷结构图-2014.dwg
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
- %APPDATA%\ESafeNet_Out_NewVersion\Estdlock.sys
- %APPDATA%\ESafeNet_Out_NewVersion\Estdlock64.sys
- %WINDIR%\CDGODMGuard.LOG
- %APPDATA%\ESafeNet_Out_NewVersion\COCfg.xml
- %APPDATA%\ESafeNet_Out_NewVersion\FT_ET99_API.dll
- %APPDATA%\ESafeNet_Out_NewVersion\ODMHook.exe
- %APPDATA%\ESafeNet_Out_NewVersion\ODMHook64.dll
- %APPDATA%\ESafeNet_Out_NewVersion\FileLock.dll
- %APPDATA%\ESafeNet_Out_NewVersion\ODMHook.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''