Trojan.Siggen12.41097

Техническая информация

Для обеспечения автозапуска и распространения

Создает или изменяет следующие файлы

<SYSTEM32>\tasks\alertussecuredesktoplauncher
<SYSTEM32>\tasks\alertussessionlockedlauncherscheduledtask
<SYSTEM32>\tasks\alertussessionunlockedlauncherscheduledtask

Устанавливает следующие настройки сервисов

[<HKLM>\System\CurrentControlSet\Services\AlertusDesktopService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\AlertusDesktopService] 'ImagePath' = '"%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\AlertusDesktopService.exe"'

Создает следующие сервисы

'AlertusDesktopService' "%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\AlertusDesktopService.exe"
'AlertusDesktopService' %ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\AlertusDesktopService.exe

Изменения в файловой системе

Создает следующие файлы

%TEMP%\ixp000.tmp\alertus-desktopalert-5.4.3.0-microsoft.msi
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertussessionlockedlauncherscheduledtask.xml
%ProgramFiles(x86)%\alertus technologies\alertus desktop\scheduledtask.xml
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertussessionunlockedlauncherscheduledtask.xml
%ProgramFiles(x86)%\alertus technologies\alertus desktop\shortcut.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\alertus technologies\alertus desktop\alertus desktop.lnk
%ProgramFiles(x86)%\alertus technologies\alertus desktop\shortcut to alertus desktop alert.exe.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\startup\alertusdesktopalert.exe.lnk
%WINDIR%\installer\{e2127d5c-f132-4d3b-9ca9-632dc87b0635}\alfullscreenglossy.exe
%ProgramFiles(x86)%\alertus technologies\alertus desktop\removealertusdesktopservice.bat
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopalert.vshost.exe
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopsessionlocked.exe
%ProgramFiles(x86)%\alertus technologies\alertus desktop\audioswitcher.audioapi.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\audioswitcher.audioapi.coreaudio.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\managedwifi.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\assets\jquery.3.3.1.min.js
%ProgramFiles(x86)%\alertus technologies\alertus desktop\assets\jquery.1.8.2.min.js
%ALLUSERSPROFILE%\alertus technologies\desktop alert\lockscreenimages\ls-general.png
%ALLUSERSPROFILE%\alertus technologies\desktop alert\lockscreenimages\ls-emergency.png
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopsessionunlocked.exe
%ProgramFiles(x86)%\alertus technologies\alertus desktop\setupalertusdesktopservice.bat
%ALLUSERSPROFILE%\alertus technologies\desktop alert\uuid
%WINDIR%\temp\cabea75.tmp
%WINDIR%\temp\tar3b5c.tmp
%WINDIR%\temp\cab3b4b.tmp
%WINDIR%\temp\tar3b3b.tmp
%WINDIR%\temp\cab3b3a.tmp
%WINDIR%\temp\tar3b19.tmp
%WINDIR%\temp\cab3b18.tmp
%WINDIR%\temp\tar68.tmp
%WINDIR%\temp\cab67.tmp
%ProgramFiles(x86)%\alertus technologies\alertus desktop\logo1.gif
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopalert.exe.config
%WINDIR%\temp\tard475.tmp
%WINDIR%\temp\cabd464.tmp
%WINDIR%\temp\tard463.tmp
%WINDIR%\temp\cabd453.tmp
%WINDIR%\temp\tard452.tmp
%WINDIR%\temp\cabd451.tmp
%WINDIR%\temp\tard430.tmp
%WINDIR%\temp\cabd42f.tmp
%WINDIR%\temp\tarea76.tmp
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.desktopui.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertuspanicbuttonusbv2.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.screensaverhelper.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\microsoft.web.services3.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\log4net.config
%ProgramFiles(x86)%\alertus technologies\alertus desktop\license
%ProgramFiles(x86)%\alertus technologies\alertus desktop\devcomponents.dotnetbar2.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\br.util.bithelper.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.web.xmlserializers.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\log4net.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\nologo1.gif
%ProgramFiles(x86)%\alertus technologies\alertus desktop\br.gui.autoscalingcontrols.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.pki.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.gui.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopalert.exe
%TEMP%\aibb_{e2127d5c-f132-4d3b-9ca9-632dc87b0635}_252.tmp
%TEMP%\{7a9d6aa2-7f08-48b8-a037-d7667daa93c6}.bat
%TEMP%\ixp000.tmp\alertusdesktopalert.exe.config
%TEMP%\ixp000.tmp\logo1.gif
%TEMP%\ixp000.tmp\install.cmd
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.web.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\ticker.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\naudio.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\assets\jquery-textfill-0.2.js
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.opensourcecassia.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\winusbnet.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.securedesktoplogonscreenlauncher.exe
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopservice.exe
%ProgramFiles(x86)%\alertus technologies\alertus desktop\assets\jquery-textfill-0.3.js
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertus.core.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\bouncycastle.crypto.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\screensaverdefault2.png
%ProgramFiles(x86)%\alertus technologies\alertus desktop\screensaverdefault.png
%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusscreensaver.scr
%ProgramFiles(x86)%\alertus technologies\alertus desktop\usbtestcs.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\assets\less-1.3.0.min.js
%ProgramFiles(x86)%\alertus technologies\alertus desktop\windows.winmd
%ProgramFiles(x86)%\alertus technologies\alertus desktop\toasticon.png
%ProgramFiles(x86)%\alertus technologies\alertus desktop\resources\alfullscreen-glossy.ico
%ProgramFiles(x86)%\alertus technologies\alertus desktop\resources\alfullscreen-64x64-trans.png
%ProgramFiles(x86)%\alertus technologies\alertus desktop\resources\alertus-badge-250.jpg
%ProgramFiles(x86)%\alertus technologies\alertus desktop\microsoft.windowsapicodepack.shell.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\microsoft.windowsapicodepack.dll
%ProgramFiles(x86)%\alertus technologies\alertus desktop\system.speech.dll
%LOCALAPPDATA%\alertus technologies\desktop alert\log.txt
%ALLUSERSPROFILE%\alertus technologies\desktop alert\logs\windowsservice\log.txt

Удаляет следующие файлы

%TEMP%\ixp000.tmp\alertusdesktopalert.exe.config
%WINDIR%\temp\tar3b3b.tmp
%WINDIR%\temp\cab3b3a.tmp
%WINDIR%\temp\tar3b19.tmp
%WINDIR%\temp\cab3b18.tmp
%WINDIR%\temp\tar68.tmp
%WINDIR%\temp\cab67.tmp
%WINDIR%\temp\tarea76.tmp
%WINDIR%\temp\cabea75.tmp
%WINDIR%\temp\tard475.tmp
%WINDIR%\temp\cabd464.tmp
%WINDIR%\temp\tard463.tmp
%WINDIR%\temp\cabd453.tmp
%WINDIR%\temp\tard452.tmp
%WINDIR%\temp\cabd451.tmp
%WINDIR%\temp\tard430.tmp
%WINDIR%\temp\cabd42f.tmp
%TEMP%\ixp000.tmp\alertus-desktopalert-5.4.3.0-microsoft.msi
%TEMP%\ixp000.tmp\install.cmd
%TEMP%\ixp000.tmp\logo1.gif
%WINDIR%\temp\cab3b4b.tmp
%WINDIR%\temp\tar3b5c.tmp

Сетевая активность

Подключается к

'microsoft.com':80
'localhost':8443

UDP

DNS ASK microsoft.com
DNS ASK alertus.corp.microsoft.com

Другое

Создает и запускает на исполнение

'%WINDIR%\installer\msi98f3.tmp' /RunAsAdmin /HideWindow "%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\removeAlertusDesktopService.bat"
'%WINDIR%\installer\msia658.tmp' /RunAsAdmin /HideWindow "%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\setupAlertusDesktopService.bat"
'%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopservice.exe'
'%WINDIR%\installer\msicb3c.tmp' /DontWait /dir APPDIR "%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\AlertusDesktopAlert.exe"
'%ProgramFiles(x86)%\alertus technologies\alertus desktop\alertusdesktopalert.exe'
'<SYSTEM32>\cmd.exe' /c install.cmd' (со скрытым окном)
'%WINDIR%\syswow64\cmd.exe' /C "%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\setupAlertusDesktopService.bat"' (со скрытым окном)

Запускает на исполнение

'<SYSTEM32>\cmd.exe' /c install.cmd
'<SYSTEM32>\msiexec.exe' /i alertus-desktopalert-5.4.3.0-Microsoft.msi /qb /quiet /norestart
'%WINDIR%\syswow64\cmd.exe' "%TEMP%\{7A9D6AA2-7F08-48B8-A037-D7667DAA93C6}.bat"
'%WINDIR%\syswow64\chcp.com' 65001
'%WINDIR%\syswow64\cmd.exe' /C "%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\setupAlertusDesktopService.bat"
'%WINDIR%\syswow64\schtasks.exe' /delete /TN AlertusSecureDesktopLauncher /f
'%WINDIR%\syswow64\schtasks.exe' /Create /TN AlertusSecureDesktopLauncher /XML "scheduledTask.xml"
'%WINDIR%\syswow64\schtasks.exe' /delete /TN AlertusSessionLockedLauncherScheduledTask /f
'%WINDIR%\syswow64\schtasks.exe' /Create /TN AlertusSessionLockedLauncherScheduledTask /XML "AlertusSessionLockedLauncherScheduledTask.xml"
'%WINDIR%\syswow64\schtasks.exe' /delete /TN AlertusSessionUnlockedLauncherScheduledTask /f
'%WINDIR%\syswow64\schtasks.exe' /Create /TN AlertusSessionUnlockedLauncherScheduledTask /XML "AlertusSessionUnlockedLauncherScheduledTask.xml"
'%WINDIR%\syswow64\sc.exe' stop AlertusDesktopService
'%WINDIR%\syswow64\sc.exe' delete AlertusDesktopService
'%WINDIR%\syswow64\sc.exe' create AlertusDesktopService binpath= "\"%ProgramFiles(x86)%\Alertus Technologies\Alertus Desktop\AlertusDesktopService.exe\"" start= auto
'%WINDIR%\syswow64\sc.exe' start AlertusDesktopService

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней