Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\DownloadInformation] 'CODEBASE' = '<Полный путь к вирусу>'
- '<SYSTEM32>\CKSetup32.exe' /install
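- Проверка наличия окон по имени класса. 'OLLYDBG' — класс окна отладчика OllyDbg, 'GBDYLLO' — та же строка в обратном порядке, 'pediy06', по-видимому, класс окна модифицированной сборки этого отладчика; такой набор указывает на попытку обнаружить средства анализа:
- ClassName: 'pediy06' WindowName: '(null)'
- ClassName: 'GBDYLLO' WindowName: '(null)'
- ClassName: 'OLLYDBG' WindowName: '(null)'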
- <SYSTEM32>\npKeyPro.dll
- <SYSTEM32>\CKKeyProCert.dll
- <SYSTEM32>\jrsoftcp.dll
- %WINDIR%\Downloaded Program Files\TouchEnKey.inf
- <SYSTEM32>\CKApp.dll
- <DRIVERS>\SET4.tmp
- <SYSTEM32>\dllcache\usbport.sys.new
- <DRIVERS>\SET1.tmp
- <SYSTEM32>\CKCSP.dll
- <SYSTEM32>\kcrypto.dll
- <SYSTEM32>\CKAgent.dat
- <SYSTEM32>\temp_JRSKD24.SYS
- <SYSTEM32>\CKAgent_t.exe
- <SYSTEM32>\CKSetup32.exe
- <SYSTEM32>\CKSetup32.dat
- <SYSTEM32>\TouchEnKey.dll
- <SYSTEM32>\XecureCK.dll
- %WINDIR%\Downloaded Program Files\TouchEnKey.dll
- <SYSTEM32>\temp_JRSUKD25.SYS
- <SYSTEM32>\temp_kcrtx86.sys
- <DRIVERS>\SET1.tmp
- <SYSTEM32>\JRSKD24.SYS
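- Перемещение файлов (запись вида «источник в назначение»). Системный драйвер usbport.sys заменяется и в <DRIVERS>, и в <SYSTEM32>\dllcache, поэтому при проверке системы его целостность и цифровую подпись стоит сверить с эталоном; имена файлов сами по себе остаются слабым индикатором:
- <SYSTEM32>\temp_kcrtx86.sys в <SYSTEM32>\kcrtx86.sys
- <DRIVERS>\SET4.tmp в <DRIVERS>\usbport.sys
- <SYSTEM32>\dllcache\usbport.sys.new в <SYSTEM32>\dllcache\usbport.sys
- <SYSTEM32>\CKAgent_t.exe в <SYSTEM32>\CKAgent.exe
- <SYSTEM32>\temp_JRSKD24.SYS в <SYSTEM32>\JRSKD24.SYS
- <SYSTEM32>\temp_JRSUKD25.SYS в <SYSTEM32>\JRSUKD25.SYS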
- ClassName: 'CKAGENT' WindowName: '(null)'
- ClassName: 'CKAppProEx_Notify_Wnd' WindowName: 'CKAppProEx_Notify_Wnd'