Trojan.Siggen10.26101

Техническая информация

Для обеспечения автозапуска и распространения

Устанавливает следующие настройки сервисов

[<HKLM>\System\CurrentControlSet\Services\Syncro] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\Syncro] 'ImagePath' = '"%ProgramFiles%\RepairTech\Syncro\Syncro.Service.Runner.exe"'

Создает следующие сервисы

'Syncro' "%ProgramFiles%\RepairTech\Syncro\Syncro.Service.Runner.exe"
'Syncro' %ProgramFiles%\RepairTech\Syncro\Syncro.Service.Runner.exe

Изменения в файловой системе

Создает следующие файлы

%ALLUSERSPROFILE%\syncro\logs\masterinstaller.log
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.service.runner.exe
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.service.exe.config
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.service.exe
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.contracts.dll.config
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.contracts.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.app.runner.exe
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.app.dll.config
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.app.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\squirrel.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\splat.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\sl-si\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\sharpsnmplib.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\sharpcompress.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\sevenzipsharp.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\nl-nl\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\serilog.sinks.rollingfile.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\serilog.sinks.file.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\serilog.sinks.console.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\serilog.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ru\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ru\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ru\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ru\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ru-ru\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\rollbarsharp.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\restsharp.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\repairtech.common.tools.dll.config
%ProgramFiles%\repairtech\syncro\app-1.0.121\repairtech.common.tools.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\pt-br\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\phoenix.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\serilog.sinks.literate.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\nuget.squirrel.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.tools.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\urlcombinelib.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-chs\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hans\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hans\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hans\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hans\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hant\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hant\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\images\kabuto_logo.ico
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hant\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\install.bat
%ALLUSERSPROFILE%\syncro\logs\serviceinstall.log
%ProgramFiles%\repairtech\syncro\syncro.service.runner.installstate
%ALLUSERSPROFILE%\syncro\logs\20200923-syncro.service.runner.log
%ALLUSERSPROFILE%\syncro\bin\filepusher.exe
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.uninstaller.exe
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.tools.dll.config
%ProgramFiles%\repairtech\syncro\app-1.0.121\telerik.windows.data.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\telerik.windows.controls.navigation.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\telerik.windows.controls.input.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\telerik.windows.controls.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\telerik.windows.controls.conversationalui.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\system.valuetuple.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\system.spatial.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\system.security.cryptography.x509certificates.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\system.security.cryptography.primitives.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\system.security.cryptography.encoding.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\system.security.cryptography.algorithms.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\system.net.websockets.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.uninstaller.tools.exe
%ProgramFiles%\repairtech\syncro\app-1.0.121\syncro.uninstaller.exe.config
%ProgramFiles%\repairtech\syncro\app-1.0.121\websocket-sharp.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\newtonsoft.json.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\mono.cecil.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\microsoft.win32.taskscheduler.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\es\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\es\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\es\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\es-es\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\en\syncro.uninstaller.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\en\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\el-gr\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\dotnetzip.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\de\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\de\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\de\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\de\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\deltacompressiondotnet.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\fi-fi\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\de-de\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\csharpfunctionalextensions.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\cs-cz\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\config.json
%ProgramFiles%\repairtech\syncro\app-1.0.121\ar-sa\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\7za-x86.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\7za-x64.dll
%ProgramFiles%\repairtech\syncro\packages\kabuto-1.0.121-full.nupkg
%ProgramFiles%\repairtech\syncro\packages\releases
%ProgramFiles%\repairtech\syncro\syncro.app.runner.exe
%ProgramFiles%\repairtech\syncro\syncro.service.runner.exe
%ProgramFiles%\repairtech\syncro\update.exe
%ALLUSERSPROFILE%\syncro\logs\20200923-syncro.installer.log
%TEMP%\syncro.installer.exe
%ALLUSERSPROFILE%\syncro\images\logo.png
%ProgramFiles%\repairtech\syncro\app-1.0.121\da-dk\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\fluentcommandlineparser.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\es\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\flurl.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\microsoft.web.xmltransform.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ja-jp\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\microsoft.data.services.client.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\microsoft.data.odata.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\microsoft.data.edm.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\metroframework.fonts.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\metroframework.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ko\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ko\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ko\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ko\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\jetbrains.annotations.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ja\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ja\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ja\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\ja\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\it\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\flurl.http.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\it\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\it\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\it\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\itenso.timeperiod.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\it-it\syncro.app.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\interop.wuapilib.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\zh-hant\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\images\custom_logo.png
%ProgramFiles%\repairtech\syncro\app-1.0.121\images\chat-bubbles-icon.png
%ProgramFiles%\repairtech\syncro\app-1.0.121\fr\system.spatial.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\fr\microsoft.data.services.client.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\fr\microsoft.data.odata.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\fr\microsoft.data.edm.resources.dll
%ProgramFiles%\repairtech\syncro\app-1.0.121\fr-fr\syncro.app.resources.dll
%ALLUSERSPROFILE%\syncro\bin\module.psm1
%ALLUSERSPROFILE%\syncro\logs\20200923-syncro.app.runner.log

Удаляет следующие файлы

%ProgramFiles%\repairtech\syncro\install.bat

Сетевая активность

TCP

'rm#.##ncromsp.com':443
's3.###zonaws.com':443
'at######nts.servably.com':443
'pr#######n.kabutoservices.com':443

UDP

DNS ASK rm#.##ncromsp.com
DNS ASK s3.###zonaws.com
DNS ASK at######nts.servably.com
DNS ASK pr#######n.kabutoservices.com

Другое

Ищет следующие окна

ClassName: 'TrayNotifyWnd' WindowName: ''
ClassName: 'SysPager' WindowName: ''
ClassName: 'ToolbarWindow32' WindowName: ''
ClassName: 'NotifyIconOverflowWindow' WindowName: ''

Создает и запускает на исполнение

'%TEMP%\syncro.installer.exe' -k APJB7VjdZfcaQpGlCH-pow --customerid 198274 --policyid 1143
'%ProgramFiles%\repairtech\syncro\syncro.service.runner.exe'
'%ProgramFiles%\repairtech\syncro\syncro.app.runner.exe'

Запускает на исполнение

'<SYSTEM32>\cmd.exe' /c "%ProgramFiles%\RepairTech\Syncro\install.bat"
'%WINDIR%\microsoft.net\framework64\v4.0.30319\installutil.exe' /ShowCallStack /LogFile=%ALLUSERSPROFILE%/Syncro/logs/ServiceInstall.log "%ProgramFiles%\RepairTech\Syncro\Syncro.Service.Runner.exe"
'<SYSTEM32>\sc.exe' failure Syncro reset= 60 actions= restart/5000/restart/10000/restart/60000
'<SYSTEM32>\sc.exe' start Syncro

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней