Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\DownloadInformation] 'CODEBASE' = '<Полный путь к вирусу>'
- <SYSTEM32>\CKSetup32.exe /install
- <SYSTEM32>\jrsoftcp.dll
- <SYSTEM32>\CKApp.dll
- <SYSTEM32>\XecureCK.dll
- <SYSTEM32>\npKeyPro.dll
- <SYSTEM32>\kcrypto.dll
- <SYSTEM32>\CKCSP.dll
- <SYSTEM32>\CKKeyProCert.dll
- <SYSTEM32>\temp_JRSKD24.SYS
- <SYSTEM32>\CKAgent_t.exe
- <SYSTEM32>\CKSetup32.exe
- <SYSTEM32>\temp_JRSUKD25.SYS
- %WINDIR%\Downloaded Program Files\XecureCK.dll
- %WINDIR%\Downloaded Program Files\CKKeyPro.inf
- <SYSTEM32>\kcrtx86.sys
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'CKAGENT' WindowName: ''
- ClassName: 'CKAppProEx_Notify_Wnd' WindowName: 'CKAppProEx_Notify_Wnd'