Ransom.Win32.SODINOKIBI.ASDKI
Trojan.Win32.DelShad.abl (Kaspersky); Trojan-Ransom.Sodinokibi (Ikarus)
Windows
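Malware type:
Ransomware
Destructiveness:
No
Encrypted:
In the wild:
Yes
Overview
This malware arrives on a system as a file dropped by other malware or as a file that users unknowingly download when visiting malicious websites.
Technical Details
Arrival Details
This malware arrives on a system as a file dropped by other malware or as a file that users unknowingly download when visiting malicious websites.
Installation
It adds the following processes: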
- vssadmin.exe Delete Shadows /All /Quiet → deletes shadow copies
- bcdedit /set {default} recoveryenabled No → disables startup repair
- bcdedit /set {default} bootstatuspolicy ignoreallfailures → disables Windows error recovery
Other System Modifications
It adds the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject\OrganizationDefaults
It adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject\OrganizationDefaults
pvg = {Hex Bytes}
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject\OrganizationDefaults
sxsP = {Hex Bytes}
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject\OrganizationDefaults
BDDC8 = {Hex Bytes}
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject\OrganizationDefaults
f7gVD7 = {Hex Bytes}
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject\OrganizationDefaults
Xu7Nnkd = {Appended File Extension}
HKEY_LOCAL_MACHINE\SOFTWARE\QtProject\OrganizationDefaults
sMMnxpgk = {Hex Bytes}
It modifies the following registry entry to change the desktop wallpaper:
HKEY_CURRENT_USER\Control Panel\Desktop
Wallpaper = %User Temp%\{random}.bmp
It sets the computer's desktop wallpaper to the following image:
Dropping Routine
It drops the following files:
- %User Temp%\{random characters}.bmp → ransom wallpaper
- {encrypted folder}\{appended ransom extension}-readme.txt → ransom note
(Note: %User Temp% is the temporary folder of the currently logged-on user. On Windows 2000 (32-bit), XP, and Server 2003 (32-bit), it is usually "C:\Documents and Settings\<user name>\Local Settings\Temp". On Windows Vista, 7, 8, 8.1, 2008 (64-bit), 2012 (64-bit), and 10 (64-bit), it is usually "C:\Users\<user name>\AppData\Local\Temp".)
Information Theft
It gathers the following information:
- Computer name
- User name
- Workgroup
- Processor
- Operating System
- System Architecture
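Stolen Information
It sends the gathered information via HTTP POST to the following URL:
- https://{domain}/{string 1}/{string 2}/{random characters}.{string 3}
- {domain}: any of a long list of hosts, which this report gives only in partially redacted {BLOCKED} form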
- {string 1}:
- wp-content
- include
- content
- uploads
- static
- admin
- data
- news
- {string 2}:
- images
- pictures
- image
- temp
- tmp
- graphic
- assets
- pics
- game
- {string 3}:
- jpg
- png
- gif
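The following hunting sketch is an added example, not part of the vendor report. It flags HTTPS POST requests whose path fits the {string 1}/{string 2}/{random characters}.{string 3} shape above and correlates them per host with the shadow-copy and boot-recovery commands listed under Installation. The event layout, host names and example.* URLs are constructed, and the character set of {random characters} is an assumption, since the report does not state it.

```python
import re
from urllib.parse import urlsplit

# Path components copied from the report's {string 1}, {string 2}, {string 3} lists.
STRING_1 = ("wp-content", "include", "content", "uploads", "static", "admin", "data", "news")
STRING_2 = ("images", "pictures", "image", "temp", "tmp", "graphic", "assets", "pics", "game")
STRING_3 = ("jpg", "png", "gif")


def _alt(items):
    """Build a regex alternation from literal strings."""
    return "|".join(re.escape(i) for i in items)


# Assumption: {random characters} is a run of ASCII letters/digits.
BEACON_PATH = re.compile(
    rf"^/(?:{_alt(STRING_1)})/(?:{_alt(STRING_2)})/[A-Za-z0-9]+\.(?:{_alt(STRING_3)})$"
)

# The three commands the report lists under "Installation".
RECOVERY_TAMPERING = (
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
    re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I),
    re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b", re.I),
)


def is_beacon(method, url):
    """True for an HTTPS POST whose path fits the reported URL shape.

    The same paths are common for ordinary image downloads, so the method
    matters: a GET to /static/images/x.png is normal, a POST is not.
    """
    parts = urlsplit(url)
    return (
        method.upper() == "POST"
        and parts.scheme == "https"
        and BEACON_PATH.match(parts.path) is not None
    )


def is_recovery_tampering(cmdline):
    """True if the command line matches one of the reported commands."""
    return any(p.search(cmdline) for p in RECOVERY_TAMPERING)


def triage(events):
    """Map each host to the set of indicator types seen for it."""
    findings = {}
    for ev in events:
        if ev["kind"] == "process" and is_recovery_tampering(ev["cmdline"]):
            findings.setdefault(ev["host"], set()).add("recovery_tampering")
        elif ev["kind"] == "http" and is_beacon(ev["method"], ev["url"]):
            findings.setdefault(ev["host"], set()).add("beacon_url")
    return findings


def correlated_hosts(findings):
    """Hosts showing both indicator types, i.e. the ones to look at first."""
    both = {"recovery_tampering", "beacon_url"}
    return sorted(h for h, seen in findings.items() if both <= seen)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "kind": "process",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "WS-01", "kind": "http", "method": "POST",
     "url": "https://example.com/wp-content/images/kqzvhtrw.png"},
    {"host": "WS-02", "kind": "http", "method": "GET",
     "url": "https://example.org/static/images/logo.png"},
    {"host": "WS-03", "kind": "process", "cmdline": "vssadmin list shadows"},
    {"host": "WS-03", "kind": "http", "method": "POST",
     "url": "https://example.net:443/admin/tmp/upload.gif"},
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for host in sorted(result):
        print(host, sorted(result[host]))
    print("correlated:", correlated_hosts(result))
```

A host with only the URL indicator (WS-03 in the sample) is a weak signal on its own; the pairing with recovery tampering is what raises priority.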
Ransomware Routine
It avoids encrypting files with the following strings in their file name:
- File extensions:
- key
- shs
- 386
- lnk
- cur
- ocx
- nomedia
- rtp
- msstyles
- msu
- rom
- hlp
- scr
- theme
- exe
- msc
- wpx
- lock
- ico
- bat
- cab
- adv
- diagcfg
- idx
- cpl
- dll
- ps1
- mod
- msp
- themepack
- bin
- ics
- msi
- diagcab
- ani
- nls
- com
- ldf
- deskthemep
- prf
- spl
- hta
- mpa
- sys
- icl
- icns
- cmd
- drv
- diagpkg
- File name:
- ntuser.ini
- autorun.inf
- bootsect.bak
- ntldr
- ntuser.dat.log
- ntuser.dat
- bootfont.bin
- iconcache.db
- thumbs.db
- boot.ini
- desktop.ini
It avoids encrypting files found in the following folders:
- msocache
- $recycle.bin
- perflogs
- intel
- boot
- mozilla
- tor browser
- $windows.~bt
- windows
- windows.old
- $windows.~ws
- application data
- system volume information
- appdata
It appends the following extension to the file name of the encrypted files:
- .{random characters}
It drops the following file as its ransom note:
- {encrypted folder}\{appended ransom extension}-readme.txt
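It leaves a ransom note text file with the following content:
Solution
Step 1
Trend Micro Predictive Machine Learning detects malware at the first sign of its presence and blocks it before it executes. When Predictive Machine Learning is enabled, our antivirus products detect this malware under the following machine learning detection name:
- Troj.Win32.TRX.XXPE50FFF032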
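Step 2
Before running any scan, Windows XP, Windows Vista, and Windows 7 users must disable System Restore so that the malware or adware can be completely removed from the computer.
Step 3
Not all of the files, folders, registry keys, and registry entries listed in these steps are necessarily installed on the computer when this malware or adware runs. This may be due to an incomplete installation or to operating system (OS) conditions. If the file, folder, or registry information listed in a step is not found, that step is not needed; proceed to the next step.
Step 4
Restart Windows in Safe Mode.
Step 5
Identify the name of the file detected as "Ransom.Win32.SODINOKIBI.ASDKI" and terminate it.
- Not all running processes may be displayed in Windows Task Manager. In that case, use a tool such as "Process Explorer" to terminate the malware file. For details on "Process Explorer", see here.
- The detected file may be displayed in Windows Task Manager or "Process Explorer" but cannot be deleted. In that case, restart the computer in Safe Mode. For details on Safe Mode, see here.
- If the detected file is not displayed in Task Manager, proceed to the next step.
Step 6
Delete the unknown registry keys.
Warning: The registry is a database that stores Windows configuration information. Incorrect edits to the registry can stop the system from working properly.
Edit the registry at your own responsibility. We cannot provide compensation for any problem caused by editing the registry.
Before editing the registry, see here.
Step 7
Search for and delete the following files: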
- %User Temp%\{random characters}.bmp → ransom wallpaper
- {encrypted folder}\{appended ransom extension}-readme.txt → ransom note
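Step 8
Reset the desktop properties.
Step 12
Restart the computer in normal mode and, using an antivirus product updated to the latest version (engine and pattern file), scan for files detected as "Ransom.Win32.SODINOKIBI.ASDKI". If the detected files have already been cleaned, quarantined, or deleted by our antivirus product, the handling of the virus is complete and no other removal steps are needed.
Step 13
Run a virus scan using an antivirus product updated to the latest version (engine and pattern file). Delete all files detected as "Ransom.Win32.SODINOKIBI.ASDKI". If the detected files have already been cleaned, quarantined, or deleted by our antivirus product, the handling of the virus is complete and no other removal steps are needed.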