Trojan.Siggen13.49070

Техническая информация

Для обеспечения автозапуска и распространения

Модифицирует следующие ключи реестра

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DLPRUN' = '%ProgramFiles(x86)%\DLP\dlp3.0\CGEData.exe'
[<HKLM>\SOFTWARE\CLASSES\Excel.Sheet.8\shell\Open\command] '' = '"%ProgramFiles%\Microsoft Office\Office14\EXCEL.EXE" "%1"'

Устанавливает следующие настройки сервисов

[<HKLM>\System\CurrentControlSet\Services\CGEDataService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\CGEDataService] 'ImagePath' = '"%ProgramFiles(x86)%\DLP\dlp3.0\CGEDataService64.exe" -service'
[<HKLM>\System\CurrentControlSet\Services\sDlpSvc] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\sDlpSvc] 'ImagePath' = '"%WINDIR%\SysWOW64\sDlpSvc.exe" -service'
[<HKLM>\System\CurrentControlSet\Services\KeSafe] 'Start' = '00000001'
[<HKLM>\System\CurrentControlSet\Services\KeSafe] 'ImagePath' = '<DRIVERS>\KeSafe64.sys'

Создает следующие сервисы

'CGEDataService' "%ProgramFiles(x86)%\DLP\dlp3.0\CGEDataService64.exe" -service
'sDlpSvc' "%WINDIR%\SysWOW64\sDlpSvc.exe" -service
'KeSafe' <DRIVERS>\KeSafe64.sys

Вредоносные функции

Завершает или пытается завершить

следующие системные процессы:

%WINDIR%\syswow64\cmd.exe

Изменения в файловой системе

Создает следующие файлы

%ALLUSERSPROFILE%\srjd_dlplog_temp\debug_updatelogv9.txt
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-3vgn2.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-cguhq.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-lslkk.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-llmae.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-7fvj2.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-59ks1.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-h0aos.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-nvq1g.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-sjohs.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-5boa0.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-5a612.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-0o62u.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-ae92o.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-t53hv.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-o4nuf.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-gf8v0.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-36v8v.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-o3he7.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-b3ama.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-o9m9v.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-pi3ro.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-a3esv.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-mbc1r.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-bl8s3.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-oek6c.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-5hfhh.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-468p5.tmp
%ALLUSERSPROFILE%\datawatch\log\enc_all.log
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-sv52l.tmp
%ALLUSERSPROFILE%\srjd_dlplog\userlogdll.txt
%WINDIR%\temp\udd8a7.tmp
<DRIVERS>\kesafe64.sys
%WINDIR%\syswow64\sdlpsvc.exe
%ALLUSERSPROFILE%\srjd_dlplog\cgedataservice.txt
%ALLUSERSPROFILE%\srjd_dlp3.1\datawatch.ini
%ALLUSERSPROFILE%\srjd_dlp3.1\81sysconfig.ini
%ALLUSERSPROFILE%\srjd_dlp3.1\81safeout.ini
%ALLUSERSPROFILE%\srjd_dlplog\sdk.txt
%ALLUSERSPROFILE%\srjd_dlplog\userlog.txt
%ALLUSERSPROFILE%\srjd_dlplog\userlog.cfg
%ALLUSERSPROFILE%\srjd_dlp3.1\user81sysconfig.ini
%ProgramFiles(x86)%\dlp\dlp3.0\81sysconfig.ini
%ProgramFiles(x86)%\dlp\dlp3.0\unins000.dat
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-1s6tm.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-g84e6.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-tcrt5.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-cf17j.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-ov77b.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-tq3v4.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-eoet4.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-jt2ej.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-d433n.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-jsvn0.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-7vreg.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-tfd0g.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-j15n3.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-fqnec.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-oq635.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-53lin.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-78etl.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-p6q2g.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-vrhlt.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-p2b01.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-7bast.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-395m5.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-4gikr.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-ru1ur.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-614m3.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-jat5c.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-ils99.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-nnvoa.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-0d8hc.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-ic1be.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-kpd5g.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-fbf9o.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-nh3r2.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-o1pni.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-1chvn.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-0tb4d.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-gf73d.tmp
%TEMP%\is-iaed1.tmp\_isetup\_setup64.tmp
%TEMP%\is-18ko7.tmp\srjdsetupup.tmp
%ALLUSERSPROFILE%\srjdsetupup.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-fvmu8.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-8p3k1.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-c8s83.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-poo1j.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-u0iv1.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-hqvt2.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-12oan.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-jigk3.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-5gg2r.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-rhq37.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-ga0bo.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-lv8hn.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-mbdq5.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-du6a3.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-tm7su.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-7mns5.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-ok1n8.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-fiqet.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-kqbag.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-8b92l.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-m7vgb.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-9tc2u.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-gdq4m.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-j5n8g.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-qlavn.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-qaqbd.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-n0ovp.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-vm84t.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\is-2ha3j.tmp
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-7n4hj.tmp
%ALLUSERSPROFILE%\datawatch\log\enc_error.log

Удаляет следующие файлы

%ALLUSERSPROFILE%\srjd_dlplog\userlog.cfg
%WINDIR%\temp\udd8a7.tmp
%TEMP%\is-iaed1.tmp\_isetup\_setup64.tmp
%TEMP%\is-18ko7.tmp\srjdsetupup.tmp

Перемещает следующие файлы

%ProgramFiles(x86)%\dlp\dlp3.0\is-gf73d.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\unins000.exe
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-0o62u.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\keefssafe.sys
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-ae92o.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\keefssafe.pdb
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-t53hv.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\ipcity.json
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-o4nuf.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\ipaddress.dat
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-gf8v0.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\cgeenout.exe
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-36v8v.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\cgdm-windows-386.exe
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-o3he7.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\stopdlg.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-b3ama.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\set3.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-o9m9v.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\set2.png
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-5a612.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\keefssafe64.pdb
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-pi3ro.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\set1.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-mbc1r.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\notice.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-bl8s3.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\messagebox.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-oek6c.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\login.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-tfd0g.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\editpass.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-fqnec.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\close3.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-7n4hj.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\close2.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-c8s83.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\close1.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-u0iv1.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\caution.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-hqvt2.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\cancel.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-a3esv.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\ok.png
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-468p5.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgecontrol2.exe
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-g84e6.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\satuationsystem.ini
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-nvq1g.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\keefssafeapi.pdb
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-tcrt5.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\log_satuation.cfg.template
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-cf17j.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\log_satuation.cfg
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-ov77b.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\log4cplus.cfg.template
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-tq3v4.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\log4cplus.cfg
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-eoet4.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\mpipedll.dll
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-jt2ej.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgescheduler3.exe
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-d433n.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgescheduler.exe
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-jsvn0.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgesa.exe
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-7vreg.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgedata3.exe
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-12oan.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\approval.png
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-sv52l.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgecontrol3.exe
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-j15n3.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgecomm.exe
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-5hfhh.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\7z.exe
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\is-3vgn2.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\7z.dll
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-cguhq.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\languageen.ini
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-lslkk.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\language.ini
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-llmae.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\kesafeapi.pdb
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-7fvj2.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\kesafeapi.dll
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-59ks1.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\kesafe64.sys
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-h0aos.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\kesafe.sys
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-5boa0.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\keefssafe64.sys
%ProgramFiles(x86)%\dlp\dlp3.0\tools\is-sjohs.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\tools\keefssafeapi.dll
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-jigk3.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\appdefile.png
%ProgramFiles(x86)%\dlp\dlp3.0\is-oq635.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\sqlite.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-78etl.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\keefssafeapi.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-p6q2g.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\kesafeapi.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-vrhlt.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\srjdmenu64.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-p2b01.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\srjdmenu.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-7bast.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\srjddll64.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-395m5.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\srjddll.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-4gikr.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\sdlpsvc.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-ru1ur.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\uninstallown.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-614m3.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgesslup.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-53lin.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgedce.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-jat5c.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgecontrol.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-nnvoa.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgedataservice.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-0d8hc.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgeh64.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-ic1be.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgeh32.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-kpd5g.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgedata.exe
%ProgramFiles(x86)%\dlp\dlp3.0\is-fbf9o.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\logscansdk.cfg
%ProgramFiles(x86)%\dlp\dlp3.0\is-nh3r2.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skinen.ini
%ProgramFiles(x86)%\dlp\dlp3.0\is-o1pni.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin.ini
%ProgramFiles(x86)%\dlp\dlp3.0\is-1chvn.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\softtype.txt
%ProgramFiles(x86)%\dlp\dlp3.0\is-0tb4d.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\81sysconfig.ini
%ProgramFiles(x86)%\dlp\dlp3.0\is-ils99.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\cgedataservice64.exe
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-m7vgb.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\close2.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-rhq37.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\about.png
%ProgramFiles(x86)%\dlp\dlp3.0\is-8p3k1.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\gdiplus.dll
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-ga0bo.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\stopdlg.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-lv8hn.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\set3.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-mbdq5.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\set2.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-du6a3.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\set1.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-tm7su.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\ok.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-7mns5.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\notice.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-ok1n8.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\messagebox.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-fiqet.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\login.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-kqbag.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\editpass.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\is-5gg2r.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_makeen\addr.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-8b92l.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\close3.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-9tc2u.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\close1.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-gdq4m.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\caution.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-j5n8g.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\cancel.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-qlavn.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\approval.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-qaqbd.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\appdefile.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-n0ovp.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\addr.png
%ProgramFiles(x86)%\dlp\dlp3.0\skin_make\is-vm84t.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\skin_make\about.png
%ProgramFiles(x86)%\dlp\dlp3.0\is-2ha3j.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\libcurl.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-poo1j.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\7z.dll
%ProgramFiles(x86)%\dlp\dlp3.0\is-fvmu8.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\srjdscan.dll
%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\is-1s6tm.tmp в %ProgramFiles(x86)%\dlp\dlp3.0\datawatch\config\scanconfig.ini

Подменяет следующие файлы

%ALLUSERSPROFILE%\srjd_dlplog\userlog.cfg

Сетевая активность

Подключается к

'dl#.#ec.ke.com':8443

UDP

DNS ASK dl#.#ec.ke.com

Другое

Ищет следующие окна

ClassName: '' WindowName: '安装 - 数据泄露防护（DLP）终端'
ClassName: '' WindowName: 'Microsoft Visual C++ Runtime Library'

Создает и запускает на исполнение

'%ALLUSERSPROFILE%\srjdsetupup.exe' /VERYSILENT
'%ProgramFiles(x86)%\dlp\dlp3.0\cgeh64.exe' -install
'%ProgramFiles(x86)%\dlp\dlp3.0\cgecontrol.exe' PIPE
'%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgesa.exe'
'%ProgramFiles(x86)%\dlp\dlp3.0\cgedataservice64.exe' -service
'%TEMP%\is-iaed1.tmp\_isetup\_setup64.tmp' 105 0x240
'%ProgramFiles(x86)%\dlp\dlp3.0\cgedata.exe'
'%WINDIR%\syswow64\sdlpsvc.exe' -service
'%ProgramFiles(x86)%\dlp\dlp3.0\cgedata.exe' -install
'%TEMP%\is-18ko7.tmp\srjdsetupup.tmp' /SL5="$C01F0,28453796,121344,%ALLUSERSPROFILE%\srjdsetupUp.exe" /VERYSILENT
'%ProgramFiles(x86)%\dlp\dlp3.0\cgedataservice64.exe' -Setup
'%WINDIR%\syswow64\sdlpsvc.exe' -Setup
'%ProgramFiles(x86)%\dlp\dlp3.0\datawatch\cgesa.exe' ' (со скрытым окном)
'%ALLUSERSPROFILE%\srjdsetupup.exe' /VERYSILENT' (со скрытым окном)
'%WINDIR%\syswow64\sdlpsvc.exe' -Setup' (со скрытым окном)
'%ProgramFiles(x86)%\dlp\dlp3.0\cgecontrol.exe' PIPE' (со скрытым окном)
'%WINDIR%\syswow64\cmd.exe' /K' (со скрытым окном)
'%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles(x86)%\DLP\dlp3.0\SrjdMenu64.dll"' (со скрытым окном)
'<SYSTEM32>\net.exe' start CGEDataService' (со скрытым окном)
'%WINDIR%\syswow64\icacls.exe' "%ALLUSERSPROFILE%\SRJD_DLP3.1\userdatabase_sqlite8.db3" /t /grant Everyone:f' (со скрытым окном)

Запускает на исполнение

'<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles(x86)%\DLP\dlp3.0\SrjdMenu64.dll"
'%WINDIR%\syswow64\cmd.exe' /K
'%WINDIR%\syswow64\wbem\wmic.exe' bios get serialnumber
'%WINDIR%\syswow64\regsvr32.exe' /s "%ProgramFiles(x86)%\DLP\dlp3.0\SrjdMenu64.dll"
'<SYSTEM32>\net.exe' start CGEDataService
'<SYSTEM32>\net1.exe' start CGEDataService
'%WINDIR%\syswow64\icacls.exe' "%ALLUSERSPROFILE%\SRJD_DLP3.1\userdatabase_sqlite8.db3" /t /grant Everyone:f

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней