TrojanSpy.Win32.EMOTET.TBFHQ
Windows
マルウェアタイプ:
スパイウェア/情報窃取型
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい
概要
スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
スパイウェアは、以下のプロセスを追加します。
- powershell -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
他のシステム変更
スパイウェアは、以下のファイルを改変します。
- %System Root%\Python27\Lib\StringIO.py
- %System Root%\Python27\Lib\urlparse.pyc
- %System Root%\Python27\include\structseq.h
- %System Root%\Python27\Lib\contextlib.pyc
- %System Root%\Python27\include\cobject.h
- %System Root%\Python27\Lib\zipfile.pyc
- %System Root%\Python27\include\Python-ast.h
- %System Root%\Python27\libs\libpython27.a
- %System Root%\Python27\Lib\htmllib.py
- %System Root%\Python27\Lib\mhlib.py
- %System Root%\Python27\Lib\threading.py
- %System Root%\Python27\Lib\gzip.py
- %System Root%\excel2k\XLS2KE00.xlt
- %System Root%\Python27\Lib\optparse.pyc
- %System Root%\Python27\Lib\cProfile.py
- %System Root%\Python27\Lib\io.pyc
- %System Root%\Python27\include\ast.h
- %System Root%\excel2k\XLS2KE05.xls
- %System Root%\Python27\Lib\UserString.py
- %System Root%\Python27\include\complexobject.h
- %System Root%\Python27\include\objimpl.h
- %System Root%\Python27\include\traceback.h
- %System Root%\Python27\Lib\traceback.py
- %System Root%\Python27\libs\bz2.lib
- %System Root%\Python27\include\cellobject.h
- %System Root%\Python27\include\unicodeobject.h
- %System Root%\Python27\Lib\fractions.pyc
- %System Root%\Users\Default\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
- %System Root%\word2k\DOC2KE03.doc
- %System Root%\Python27\Lib\posixfile.py
- %System Root%\Python27\Lib\UserDict.pyc
- %System Root%\Python27\Lib\Cookie.py
- %System Root%\Python27\libs\_hashlib.lib
- %System Root%\Python27\Lib\hashlib.py
- %System Root%\Python27\include\pythonrun.h
- %System Root%\Python27\Lib\wave.py
- %System Root%\Python27\Lib\rfc822.py
- %System Root%\Recovery\{GUID}\Winre.wim
- %System Root%\Python27\Lib\_LWPCookieJar.pyc
- %System Root%\Python27\libs\pyexpat.lib
- %System Root%\Python27\DLLs\_msi.pyd
- %System Root%\Python27\Lib\io.py
- %System Root%\Python27\libs\_testcapi.lib
- %System Root%\Python27\Lib\keyword.py
- %System Root%\Python27\Lib\copy.pyc
- %System Root%\Python27\Lib\pickletools.py
- %System Root%\Python27\Lib\Queue.pyc
- %System Root%\Python27\Lib\difflib.py
- %System Root%\Python27\Lib\dbhash.py
- %System Root%\Python27\Lib\shlex.pyc
- %System Root%\Python27\Lib\ntpath.py
- %System Root%\Python27\Lib\trace.py
- %System Root%\Python27\Lib\fnmatch.py
- %System Root%\Python27\Lib\markupbase.py
- %System Root%\Python27\Lib\types.py
- %System Root%\Python27\include\pystate.h
- %System Root%\Python27\include\pydebug.h
- %System Root%\Python27\Lib\string.pyc
- %System Root%\Python27\include\enumobject.h
- %System Root%\Python27\include\pgenheaders.h
- %System Root%\Python27\Lib\base64.pyc
- %System Root%\Python27\Lib\base64.py
- %System Root%\Python27\Lib\SocketServer.py
- %System Root%\Python27\Lib\struct.py
- %System Root%\Python27\Lib\compileall.py
- %System Root%\Python27\Lib\_LWPCookieJar.py
- %System Root%\Python27\Lib\abc.pyc
- %System Root%\Python27\Lib\dis.py
- %System Root%\Python27\include\osdefs.h
- %System Root%\Python27\Lib\Cookie.pyc
- %System Root%\Python27\include\compile.h
- %System Root%\Python27\Lib\uuid.py
- %System Root%\Python27\Lib\_MozillaCookieJar.py
- %System Root%\Python27\Lib\functools.py
- %System Root%\Python27\Lib\mimetools.py
- %System Root%\Python27\Lib\xdrlib.py
- %System Root%\Python27\include\node.h
- %System Root%\Python27\Lib\atexit.py
- %System Root%\Python27\Lib\heapq.py
- %System Root%\Python27\include\longintrepr.h
- %System Root%\Python27\Lib\sre_parse.pyc
- %System Root%\Python27\Lib\xmlrpclib.py
- %User Profile%\NTUSER.DAT{{GUID}}.TM.blf
- %System Root%\Python27\include\datetime.h
- %System Root%\Python27\Lib\toaiff.py
- %System Root%\Python27\Lib\bisect.py
- %System Root%\Python27\Lib\sysconfig.pyc
- %System Root%\Python27\include\stringobject.h
- %System Root%\Python27\Lib\BaseHTTPServer.pyc
- %System Root%\Python27\Lib\sre.py
- %System Root%\Python27\libs\_elementtree.lib
- %System Root%\Python27\Lib\runpy.pyc
- %System Root%\Python27\Lib\cgitb.py
- %System Root%\Python27\Lib\mailcap.py
- %System Root%\Python27\Lib\mimify.py
- %System Root%\Python27\Lib\genericpath.pyc
- %System Root%\Python27\Lib\copy_reg.py
- %System Root%\Python27\Lib\pydoc.py
- %System Root%\Python27\Lib\uu.py
- %System Root%\Python27\Lib\weakref.py
- %System Root%\Python27\libs\_multiprocessing.lib
- %System Root%\Python27\Lib\statvfs.py
- %System Root%\Python27\Lib\gzip.pyc
- %System Root%\Python27\include\pymacconfig.h
- %System Root%\Python27\Lib\imghdr.py
- %System Root%\Python27\include\pyerrors.h
- %System Root%\Python27\Lib\httplib.py
- %System Root%\Python27\Lib\collections.pyc
- %System Root%\Python27\Lib\imaplib.py
- %System Root%\Python27\include\intobject.h
- %System Root%\powerpoint2k\PPT2KE01.ppt
- %System Root%\powerpoint2k\PPT2KE03.ppt
- %System Root%\Python27\Lib\getopt.pyc
- %System Root%\Python27\Doc\python2715.chm
- %System Root%\Python27\Lib\getpass.py
- %System Root%\Python27\Lib\sha.py
- %System Root%\Python27\Lib\uu.pyc
- %System Root%\Python27\Lib\sre_constants.py
- %System Root%\word2k\DOC2KExx.doc
- %System Root%\Python27\Lib\tabnanny.py
- %System Root%\Python27\include\pystrtod.h
- %System Root%\Python27\include\marshal.h
- %System Root%\excel2k\XLS2KE02.xls
- %System Root%\excel2k\XLS2KE01.xls
- %System Root%\Python27\Lib\new.py
- %System Root%\Python27\libs\_ctypes.lib
- %System Root%\Python27\Lib\types.pyc
- %System Root%\set_hostname.vbs
- %System Root%\Python27\include\pyexpat.h
- %System Root%\Python27\Lib\compileall.pyc
- %System Root%\Python27\Lib\markupbase.pyc
- %System Root%\Python27\Lib\binhex.py
- %System Root%\Python27\include\floatobject.h
- %System Root%\Python27\Lib\getpass.pyc
- %System Root%\Python27\libs\python27.lib
- %System Root%\word2k\DOC2KE05.doc
- %System Root%\Python27\Lib\multifile.py
- %System Root%\Python27\Lib\atexit.pyc
- %System Root%\Python27\include\memoryobject.h
- %System Root%\Python27\Lib\_pyio.py
- %System Root%\Python27\Lib\traceback.pyc
- %System Root%\Python27\Lib\mailbox.py
- %System Root%\Python27\Lib\SimpleHTTPServer.py
- %System Root%\Python27\libs\unicodedata.lib
- %System Root%\Python27\Lib\ConfigParser.py
- %System Root%\Python27\Lib\_abcoll.pyc
- %System Root%\Python27\Lib\quopri.pyc
- %System Root%\Python27\Lib\locale.pyc
- %System Root%\Python27\Lib\popen2.py
- %System Root%\Python27\Lib\urllib2.pyc
- %System Root%\Python27\Lib\netrc.pyc
- %System Root%\Python27\Lib\struct.pyc
- %System Root%\Python27\Lib\os.py
- %System Root%\Python27\Lib\abc.py
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
- %System Root%\Python27\Lib\asynchat.py
- %System Root%\Python27\include\opcode.h
- %System Root%\Email and Password List.vbs
- %System Root%\Python27\Lib\macurl2path.py
- %System Root%\Python27\include\import.h
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
- %System Root%\powerpoint2k\PPT2KExx.PPT
- %System Root%\Python27\DLLs\winsound.pyd
- %System Root%\Python27\Lib\httplib.pyc
- %System Root%\Python27\Lib\pickle.py
- %System Root%\Python27\Lib\bisect.pyc
- %System Root%\Python27\Lib\urllib.pyc
- %System Root%\Python27\include\code.h
- %System Root%\Python27\Lib\token.pyc
- %System Root%\Python27\include\listobject.h
- %System Root%\Python27\include\pgen.h
- %System Root%\Python27\DLLs\_sqlite3.pyd
- %System Root%\Python27\include\pyport.h
- %System Root%\Python27\include\pycapsule.h
- %System Root%\Python27\Lib\linecache.py
- %System Root%\Python27\include\bytesobject.h
- %System Root%\Python27\Lib\stat.pyc
- %System Root%\Python27\Lib\Queue.py
- %System Root%\Python27\Lib\xmlrpclib.pyc
- %System Root%\Python27\Lib\sre_compile.py
- %System Root%\Python27\Lib\getopt.py
- %System Root%\Python27\Lib\platform.py
- %System Root%\Python27\Lib\webbrowser.py
- %System Root%\Python27\Lib\urllib2.py
- %System Root%\Python27\Lib\argparse.py
- %System Root%\Python27\Lib\__future__.pyc
- %System Root%\Python27\Lib\textwrap.pyc
- %System Root%\Python27\Lib\filecmp.py
- %System Root%\Python27\Lib\weakref.pyc
- %System Root%\Python27\Lib\sndhdr.py
- %System Root%\Python27\include\frameobject.h
- %System Root%\Python27\include\patchlevel.h
- %System Root%\Python27\Lib\cgi.py
- %System Root%\Python27\DLLs\_elementtree.pyd
- %System Root%\Python27\include\pyfpe.h
- %System Root%\Python27\Lib\StringIO.pyc
- %System Root%\Python27\Lib\genericpath.py
- %System Root%\Python27\Lib\dumbdbm.py
- %System Root%\Python27\Lib\nturl2path.pyc
- %System Root%\Python27\Lib\plistlib.py
- %System Root%\Python27\Lib\csv.pyc
- %System Root%\Python27\Lib\posixpath.py
- %System Root%\Python27\Lib\string.py
- %System Root%\Python27\Lib\audiodev.py
- %System Root%\Python27\Lib\netrc.py
- %System Root%\excel2k\XLS2KE04.xls
- %System Root%\Python27\include\object.h
- %System Root%\Python27\Lib\_abcoll.py
- %System Root%\word2k\DOC2KE04.doc
- %System Root%\Python27\Lib\code.py
- %System Root%\Python27\Lib\tempfile.pyc
- %System Root%\Python27\include\asdl.h
- %System Root%\Python27\Lib\random.py
- %System Root%\Python27\Lib\platform.pyc
- %System Root%\Python27\DLLs\unicodedata.pyd
- %System Root%\Python27\Lib\SocketServer.pyc
- %System Root%\Python27\libs\_tkinter.lib
- %System Root%\Python27\Lib\tarfile.py
- %System Root%\Python27\Lib\zipfile.py
- %System Root%\powerpoint2k\PPT2KE04.ppt
- %System Root%\Python27\include\symtable.h
- %System Root%\Python27\Lib\ntpath.pyc
- %System Root%\Python27\Lib\pdb.py
- %System Root%\Python27\include\bufferobject.h
- %System Root%\excel2k\XLS2KExx.xls
- %System Root%\Python27\include\pyctype.h
- %System Root%\Python27\tcl\tcl85.lib
- %System Root%\Python27\include\pyarena.h
- %System Root%\Python27\Lib\gettext.pyc
- %System Root%\Python27\Lib\robotparser.py
- %System Root%\Python27\Lib\shutil.pyc
- %System Root%\Python27\Lib\colorsys.py
- %System Root%\Python27\Lib\linecache.pyc
- %System Root%\Python27\Lib\py_compile.pyc
- %System Root%\powerpoint2k\PPT2KE00.pot
- %System Root%\Python27\Lib\random.pyc
- %System Root%\Python27\Lib\shutil.py
- %System Root%\Python27\Lib\warnings.pyc
- %System Root%\Python27\Lib\BaseHTTPServer.py
- %System Root%\Python27\Lib\formatter.py
- %System Root%\Python27\include\setobject.h
- %System Root%\Python27\Lib\glob.pyc
- %System Root%\Email and Password List.txt
- %System Root%\Python27\include\moduleobject.h
- %System Root%\Python27\include\pymactoolbox.h
- %System Root%\Python27\include\sysmodule.h
- %System Root%\Python27\README.txt
- %System Root%\Python27\include\cStringIO.h
- %System Root%\Python27\Lib\csv.py
- %System Root%\Python27\Lib\numbers.py
- %System Root%\Python27\Lib\CGIHTTPServer.py
- %System Root%\Python27\include\ceval.h
- %System Root%\Python27\Lib\os.pyc
- %System Root%\Python27\tcl\tclstub85.lib
- %System Root%\Python27\Lib\_strptime.pyc
- %System Root%\Python27\Lib\inspect.py
- %System Root%\Python27\Lib\fileinput.py
- %System Root%\Python27\include\timefuncs.h
- %System Root%\Python27\Lib\telnetlib.py
- %System Root%\Python27\Lib\tempfile.py
- %System Root%\Python27\Lib\ftplib.py
- %System Root%\Python27\Lib\fractions.py
- %System Root%\Python27\include\warnings.h
- %System Root%\AVScanner.ini
- %System Root%\Python27\include\modsupport.h
- %System Root%\Python27\Lib\smtpd.py
- %System Root%\Python27\Lib\Bastion.py
- %System Root%\Python27\include\parsetok.h
- %System Root%\Python27\Lib\calendar.py
- %System Root%\Python27\include\pythread.h
- %System Root%\Python27\Lib\optparse.py
- %System Root%\Python27\LICENSE.txt
- %System Root%\Python27\Lib\doctest.py
- %System Root%\Python27\Lib\sunau.py
- %System Root%\Python27\Lib\re.pyc
- %System Root%\Python27\include\methodobject.h
- %System Root%\Python27\Lib\gettext.py
- %System Root%\Python27\DLLs\_tkinter.pyd
- %System Root%\Python27\Lib\hashlib.pyc
- %System Root%\Python27\NEWS.txt
- %System Root%\Python27\include\codecs.h
- %System Root%\Python27\include\iterobject.h
- %System Root%\Python27\Lib\dummy_thread.py
- %System Root%\Python27\Lib\fnmatch.pyc
- %System Root%\Python27\include\pystrcmp.h
- %System Root%\Python27\tcl\tkstub85.lib
- %System Root%\Python27\Lib\os2emxpath.py
- %System Root%\Python27\include\pymath.h
- %System Root%\Python27\Lib\this.py
- %System Root%\Python27\Lib\DocXMLRPCServer.py
- %System Root%\Python27\Lib\hmac.pyc
- %System Root%\Python27\Lib\runpy.py
- %System Root%\Python27\Lib\cmd.py
- %System Root%\Python27\Lib\argparse.pyc
- %System Root%\word2k\DOC2KE02.doc
- %System Root%\Python27\Lib\dircache.py
- %System Root%\Python27\Lib\locale.py
- %System Root%\Python27\Lib\smtplib.py
- %System Root%\Python27\Lib\subprocess.pyc
- %System Root%\Python27\Lib\md5.py
- %System Root%\Python27\Lib\ssl.py
- %System Root%\Python27\include\funcobject.h
- %System Root%\Python27\tcl\tclConfig.sh
- %System Root%\Python27\include\rangeobject.h
- %System Root%\Python27\include\intrcheck.h
- %System Root%\Python27\include\classobject.h
- %System Root%\Python27\Lib\ConfigParser.pyc
- %System Root%\Python27\Lib\macpath.py
- %System Root%\Python27\Lib\repr.py
- %System Root%\Python27\libs\winsound.lib
- %System Root%\Python27\DLLs\_ctypes_test.pyd
- %System Root%\Python27\Lib\_threading_local.py
- %System Root%\Python27\Lib\_weakrefset.pyc
- %System Root%\Email and Password List.htm
- %System Root%\Python27\libs\_ctypes_test.lib
- %System Root%\Python27\include\pyconfig.h
- %System Root%\Python27\Lib\user.py
- %System Root%\Python27\Lib\sched.py
- %System Root%\Python27\libs\_bsddb.lib
- %System Root%\Python27\Lib\textwrap.py
- %System Root%\Python27\include\Python.h
- %System Root%\Python27\include\descrobject.h
- %System Root%\Python27\Lib\_MozillaCookieJar.pyc
- %System Root%\Python27\Lib\MimeWriter.py
- %System Root%\Python27\Lib\posixpath.pyc
- %System Root%\Python27\Lib\subprocess.py
- %System Root%\Python27\Lib\pstats.py
- %System Root%\Python27\Lib\pprint.py
- %System Root%\Python27\include\grammar.h
- %System Root%\Python27\Lib\fpformat.py
- %System Root%\Python27\Lib\ssl.pyc
- %System Root%\Python27\include\sliceobject.h
- %System Root%\Python27\libs\select.lib
- %System Root%\Python27\Lib\socket.pyc
- %System Root%\Python27\Lib\site.pyc
- %System Root%\Python27\include\ucnhash.h
- %System Root%\Python27\Lib\sre_constants.pyc
- %System Root%\Python27\include\bitset.h
- %System Root%\Recovery\{GUID}\boot.sdi
- %System Root%\Python27\Lib\pprint.pyc
- %System Root%\Python27\Lib\warnings.py
- %System Root%\Python27\Lib\chunk.py
- %System Root%\Python27\libs\_sqlite3.lib
- %System Root%\Python27\tcl\tk85.lib
- %System Root%\Python27\Lib\py_compile.py
- %System Root%\Python27\Lib\re.py
- %System Root%\Python27\Lib\shlex.py
- %System Root%\Python27\Lib\tarfile.pyc
- %System Root%\Python27\include\bytearrayobject.h
- %System Root%\Python27\include\bytes_methods.h
- %System Root%\Python27\Lib\cookielib.py
- %System Root%\Python27\Lib\copy_reg.pyc
- %System Root%\Python27\include\graminit.h
- %System Root%\Python27\Lib\calendar.pyc
- %System Root%\Python27\Lib\timeit.py
- %System Root%\Python27\Lib\__phello__.foo.py
- %System Root%\Python27\Lib\whichdb.py
- %System Root%\Python27\include\pygetopt.h
- %System Root%\Python27\Lib\pty.py
- %System Root%\Python27\Lib\bdb.py
- %System Root%\Python27\Lib\quopri.py
- %System Root%\Users\Default\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
- %System Root%\Python27\include\token.h
- %System Root%\Python27\Lib\rexec.py
- %System Root%\Python27\Lib\_weakrefset.py
- %System Root%\Python27\Lib\opcode.pyc
- %System Root%\Python27\Lib\threading.pyc
- %System Root%\Python27\Lib\opcode.py
- %System Root%\Python27\include\weakrefobject.h
- %System Root%\Python27\Lib\keyword.pyc
- %System Root%\Python27\Lib\htmlentitydefs.py
- %System Root%\Users\Default\NTUSER.DAT{{GUID}}.TM.blf
- %System Root%\Python27\Lib\glob.py
- %System Root%\Python27\Lib\ihooks.py
- %System Root%\Python27\DLLs\_bsddb.pyd
- %System Root%\Python27\DLLs\_multiprocessing.pyd
- %System Root%\Python27\Lib\stringprep.pyc
- %System Root%\Python27\libs\_msi.lib
- %System Root%\Python27\include\eval.h
- %System Root%\Python27\Lib\pkgutil.py
- %System Root%\Python27\Lib\SimpleXMLRPCServer.py
- %System Root%\excel2k\XLS2KE03.xls
- %System Root%\Python27\Lib\modulefinder.py
- %System Root%\Python27\Lib\tty.py
- %System Root%\Python27\Lib\profile.py
- %System Root%\Python27\Lib\decimal.pyc
- %System Root%\Python27\include\dtoa.h
- %System Root%\Python27\Lib\mutex.py
- %System Root%\Python27\Lib\aifc.py
- %System Root%\Python27\Lib\SimpleXMLRPCServer.pyc
- %System Root%\Python27\Lib\site.py
- %System Root%\Python27\Lib\cgi.pyc
- %System Root%\Python27\Lib\pipes.py
- %System Root%\Python27\Lib\decimal.py
- %System Root%\Python27\Lib\urllib.py
- %System Root%\Python27\include\fileobject.h
- %System Root%\Python27\Lib\token.py
- %System Root%\Python27\Lib\contextlib.py
- %System Root%\Python27\DLLs\_testcapi.pyd
- %System Root%\Python27\Lib\urlparse.py
- %System Root%\Python27\Lib\HTMLParser.py
- %System Root%\Python27\Lib\copy.py
- %System Root%\word2k\DOC2KE00.dot
- %System Root%\Python27\Lib\rfc822.pyc
- %System Root%\Python27\Lib\rlcompleter.py
- %System Root%\Python27\Lib\uuid.pyc
- %System Root%\Python27\Lib\ast.py
- %System Root%\Python27\Lib\dummy_threading.py
- %System Root%\Python27\Lib\codeop.py
- %System Root%\Python27\Lib\UserDict.py
- %System Root%\Users\Default\NTUSER.DAT.LOG1
- %System Root%\Python27\Lib\xmllib.py
- %System Root%\Python27\Lib\HTMLParser.pyc
- %System Root%\Python27\Lib\nturl2path.py
- %System Root%\Python27\Lib\mimetools.pyc
- %System Root%\Python27\Lib\anydbm.py
- %System Root%\Python27\Lib\tokenize.py
- %System Root%\Python27\Lib\codecs.pyc
- %System Root%\Python27\Lib\nntplib.py
- %System Root%\Python27\include\metagrammar.h
- %System Root%\Python27\Lib\htmlentitydefs.pyc
- %System Root%\Python27\Lib\stringprep.py
- %System Root%\Python27\Lib\symbol.py
- %System Root%\Python27\Lib\mimetypes.pyc
- %System Root%\Python27\Lib\pyclbr.py
- %System Root%\Python27\Lib\codecs.py
- %System Root%\Python27\Lib\sre_parse.py
- %System Root%\Python27\Lib\functools.pyc
- %System Root%\Python27\Lib\antigravity.py
- %System Root%\Python27\include\pymem.h
- %System Root%\Python27\Lib\mimetypes.py
- %System Root%\Python27\Lib\sre_compile.pyc
- %System Root%\Python27\Lib\poplib.py
- %System Root%\Python27\Lib\sunaudio.py
- %System Root%\Python27\Lib\heapq.pyc
- %System Root%\Python27\include\tupleobject.h
- %System Root%\Python27\Lib\sets.py
- %System Root%\Python27\Lib\__future__.py
- %System Root%\powerpoint2k\PPT2KE05.ppt
- %System Root%\Python27\Lib\cookielib.pyc
- %System Root%\Python27\Lib\sysconfig.py
- %System Root%\Python27\include\longobject.h
- %System Root%\Python27\Lib\dis.pyc
- %System Root%\Python27\include\boolobject.h
- %System Root%\Python27\Lib\stringold.py
- %System Root%\Python27\Lib\plistlib.pyc
- %System Root%\Python27\Lib\tokenize.pyc
- %System Root%\word2k\DOC2KE01.doc
- %System Root%\Python27\Lib\numbers.pyc
- %System Root%\Python27\libs\_ssl.lib
- %System Root%\Python27\libs\_socket.lib
- %System Root%\Python27\Lib\UserList.py
- %System Root%\Email and Password List.js
- %System Root%\Python27\Lib\_strptime.py
- %System Root%\Python27\include\py_curses.h
- %System Root%\Python27\Lib\sgmllib.py
- %System Root%\Python27\Lib\pkgutil.pyc
- %System Root%\Python27\Lib\_osx_support.py
- %System Root%\powerpoint2k\PPT2KE02.ppt
- %System Root%\Python27\Lib\socket.py
- %System Root%\Python27\Lib\asyncore.py
- %System Root%\Python27\include\genobject.h
- %System Root%\Python27\Lib\stat.py
- %System Root%\Python27\include\structmember.h
- %System Root%\Python27\Lib\inspect.pyc
- %System Root%\Python27\Lib\shelve.py
- %System Root%\Python27\Lib\symtable.py
- %System Root%\Python27\Lib\collections.py
- %System Root%\Python27\Lib\hmac.py
- %System Root%\Python27\include\errcode.h
- %System Root%\Python27\include\dictobject.h
- %System Root%\Python27\Lib\commands.py
- %System Root%\Python27\include\abstract.h
(註:%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %User Profile%フォルダは、現在ログオンしているユーザのプロファイルフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>" です。)
スパイウェアは、以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
GitForWindows
aaH = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
GitForWindows
fdle = ";\xb8\xe5\x8ea\x0f\x930\xc6R\x1a\xa3\xf6\x1a\x1e)L8gY\x98\xbb\x0f\x82\xe1\x91oc9\x1b"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
GitForWindows
1TfXk = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
GitForWindows
2YEdLY = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
GitForWindows
AaZW1s3 = ".77d765276"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
GitForWindows
QaUXNv2P = "{random characters}"
作成活動
スパイウェアは、以下のファイルを作成します。
- %System Root%\Python27\tcl\reg1.2\{username}
- %System Root%\Python27\Tools\webchecker\{username}
- %System Root%\Python27\DLLs\bz2.pyd
- %System Root%\Python27\Lib\{username}
- %User Profile%\ntuser.dat.LOG1
- %System Root%\$Recycle.Bin\s-1-5-21-2407829820-1079796033-203259571-1000\{username}
- %System Root%\$Recycle.Bin\s-1-5-21-2407829820-1079796033-203259571-500\{username}
- %System Root%\Users\Default\Videos\{username}
- %System Root%\Python27\Lib\json\{username}
- %System Root%\Users\Public\{username}
- %System Root%\Python27\tcl\tcl8\{username}
- %System Root%\Users\Default\Pictures\{username}
- %System Root%\Python27\Tools\{username}
- %System Root%\Python27\Scripts\{username}
- %System Root%\Python27\include\{username}
- %User Profile%\saved games\{username}
- %System Root%\Python27\tcl\tcl8.5\{username}
- %System Root%\Python27\Lib\bsddb\{username}
- %User Profile%\Contacts\{username}
- %System Root%\Python27\DLLs\{username}
- %System Root%\Users\Default\documents\{username}
- %User Profile%\{username}
- %System Root%\Python27\Lib\xml\{username}
- %System Root%\Python27\Lib\sqlite3\{username}
- %Desktop%\{username}
- %System Root%\Python27\Doc\{username}
- %System Root%\Users\Default\Links\{username}
- %System Root%\Python27\DLLs\_ssl.pyd
- %System Root%\Python27\Lib\idlelib\{username}
- %System Root%\Users\Default\Desktop\{username}
- %System Root%\program files\{username}
- %System Root%\excel2k\{username}
- %System Root%\word2k\{username}
- %System Root%\Python27\tcl\{username}
- %System Root%\Users\Default\saved games\{username}
- %System Root%\Users\{username}\{username}
- %User Profile%\Videos\{username}
- %System Root%\Python27\DLLs\_hashlib.pyd
- %System Root%\Users\{username}
- %User Profile%\Music\{username}
- %System Root%\Python27\Lib\unittest\{username}
- %System Root%\Python27\Tools\i18n\{username}
- %System Root%\Python27\Lib\encodings\{username}
- %System Root%\Python27\Lib\ensurepip\{username}
- %System Root%\Python27\Lib\pydoc_data\{username}
- %System Root%\Python27\Tools\Scripts\{username}
- %System Root%\Python27\DLLs\_ctypes.pyd
- %System Root%\Python27\Lib\ctypes\{username}
- %System Root%\{username}
- %System Root%\Python27\{username}
- %System Root%\Users\Default\{username}
- %User Profile%\usb_drive.img
- %User Profile%\documents\{username}
- %System Root%\Python27\Lib\multiprocessing\{username}
- %System Root%\Python27\Lib\lib2to3\{username}
- %System Root%\Users\Default\downloads\{username}
- %System Root%\powerpoint2k\{username}
- %Favorites%\{username}
- %System Root%\Python27\tcl\dde1.3\{username}
- %System Root%\Python27\Lib\logging\{username}
- %System Root%\Python27\DLLs\_socket.pyd
- A:\{username}
- %User Profile%\NTUSER.DAT{{GUID}}.TM.blf
- %System Root%\Python27\libs\{username}
- %System Root%\Python27\Tools\pynche\{username}
- %System Root%\Python27\tcl\tix8.4.3\{username}
- %System Root%\Python27\Lib\wsgiref\{username}
- %User Profile%\Links\{username}
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
- %System Root%\Python27\Lib\tkinter\{username}
- %System Root%\Users\Default\favorites\{username}
- %System Root%\Python27\Lib\msilib\{username}
- %System Root%\Python27\Lib\lib-tk\{username}
- %User Profile%\Pictures\{username}
- %System Root%\Python27\Lib\test\{username}
- %System Root%\$Recycle.Bin\{username}
- %System Root%\Python27\Lib\importlib\{username}
- %User Profile%\downloads\{username}
- %Program Files%\{username}
- %System Root%\Recovery\{GUID}\{username}
- %System Root%\Python27\Lib\site-packages\{username}
- %System Root%\Python27\DLLs\select.pyd
- %System Root%\Python27\Lib\email\{username}
- %System Root%\Users\Default\Music\{username}
- %System Root%\Python27\Lib\distutils\{username}
- %System Root%\Recovery\{username}
- %System Root%\Users\Public\Desktop\{username}
- %System Root%\Python27\Lib\hotshot\{username}
- %System Root%\Python27\Lib\compiler\{username}
- %System Root%\Python27\DLLs\pyexpat.pyd
- %User Profile%\Searches\{username}
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
- %System Root%\Python27\Tools\versioncheck\{username}
- %System Root%\Python27\Lib\curses\{username}
- %System Root%\Python27\tcl\tk8.5\{username}
(註:%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %User Profile%フォルダは、現在ログオンしているユーザのプロファイルフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>" です。. %Desktop%フォルダは、現在ログオンしているユーザのデスクトップです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>\Desktop" です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\Desktop" です。. %Favorites%フォルダは、現在ログオンしているユーザのお気に入りフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>\Favorites" です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\Favorites" です。. %Program Files%フォルダは、デフォルトのプログラムファイルフォルダです。C:\Program Files in Windows 2000(32-bit)、Server 2003(32-bit)、XP、Vista(64-bit)、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Program Files"です。また、Windows XP(64-bit)、Vista(64-bit)、7(64-bit)、8(64-bit)、8.1(64-bit)、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Program Files(x86)" です。)
その他
スパイウェアは、以下の不正なWebサイトにアクセスします。
- {BLOCKED}.166.81
ランサムウェアの不正活動
マルウェアは、以下の名称を利用して暗号化されたファイルのファイル名を改称します。
- {encrypted file}.77d765276
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
「TrojanSpy.Win32.EMOTET.TBFHQ」で検出したファイル名を確認し、そのファイルを終了します。
- すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
- 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
セーフモードについては、こちらをご参照下さい。 - 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。
手順 3
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GitForWindows
- aaH = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GitForWindows
- fdle = ";\xb8\xe5\x8ea\x0f\x930\xc6R\x1a\xa3\xf6\x1a\x1e)L8gY\x98\xbb\x0f\x82\xe1\x91oc9\x1b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GitForWindows
- 1TfXk = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GitForWindows
- 2YEdLY = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GitForWindows
- AaZW1s3 = ".77d765276"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GitForWindows
- QaUXNv2P = "{random characters}"
手順 4
以下のファイルを検索し削除します。
- %System Root%\Python27\tcl\reg1.2\{username}
- %System Root%\Python27\Tools\webchecker\{username}
- %System Root%\Python27\DLLs\bz2.pyd
- %System Root%\Python27\Lib\{username}
- %User Profile%\ntuser.dat.LOG1
- %System Root%\$Recycle.Bin\s-1-5-21-2407829820-1079796033-203259571-1000\{username}
- %System Root%\$Recycle.Bin\s-1-5-21-2407829820-1079796033-203259571-500\{username}
- %System Root%\Users\Default\Videos\{username}
- %System Root%\Python27\Lib\json\{username}
- %System Root%\Users\Public\{username}
- %System Root%\Python27\tcl\tcl8\{username}
- %System Root%\Users\Default\Pictures\{username}
- %System Root%\Python27\Tools\{username}
- %System Root%\Python27\Scripts\{username}
- %System Root%\Python27\include\{username}
- %User Profile%\saved games\{username}
- %System Root%\Python27\tcl\tcl8.5\{username}
- %System Root%\Python27\Lib\bsddb\{username}
- %User Profile%\Contacts\{username}
- %System Root%\Python27\DLLs\{username}
- %System Root%\Users\Default\documents\{username}
- %User Profile%\{username}
- %System Root%\Python27\Lib\xml\{username}
- %System Root%\Python27\Lib\sqlite3\{username}
- %Desktop%\{username}
- %System Root%\Python27\Doc\{username}
- %System Root%\Users\Default\Links\{username}
- %System Root%\Python27\DLLs\_ssl.pyd
- %System Root%\Python27\Lib\idlelib\{username}
- %System Root%\Users\Default\Desktop\{username}
- %System Root%\program files\{username}
- %System Root%\excel2k\{username}
- %System Root%\word2k\{username}
- %System Root%\Python27\tcl\{username}
- %System Root%\Users\Default\saved games\{username}
- %System Root%\Users\{username}\{username}
- %User Profile%\Videos\{username}
- %System Root%\Python27\DLLs\_hashlib.pyd
- %System Root%\Users\{username}
- %User Profile%\Music\{username}
- %System Root%\Python27\Lib\unittest\{username}
- %System Root%\Python27\Tools\i18n\{username}
- %System Root%\Python27\Lib\encodings\{username}
- %System Root%\Python27\Lib\ensurepip\{username}
- %System Root%\Python27\Lib\pydoc_data\{username}
- %System Root%\Python27\Tools\Scripts\{username}
- %System Root%\Python27\DLLs\_ctypes.pyd
- %System Root%\Python27\Lib\ctypes\{username}
- %System Root%\{username}
- %System Root%\Python27\{username}
- %System Root%\Users\Default\{username}
- %User Profile%\usb_drive.img
- %User Profile%\documents\{username}
- %System Root%\Python27\Lib\multiprocessing\{username}
- %System Root%\Python27\Lib\lib2to3\{username}
- %System Root%\Users\Default\downloads\{username}
- %System Root%\powerpoint2k\{username}
- %Favorites%\{username}
- %System Root%\Python27\tcl\dde1.3\{username}
- %System Root%\Python27\Lib\logging\{username}
- %System Root%\Python27\DLLs\_socket.pyd
- A:\{username}
- %User Profile%\NTUSER.DAT{{GUID}}.TM.blf
- %System Root%\Python27\libs\{username}
- %System Root%\Python27\Tools\pynche\{username}
- %System Root%\Python27\tcl\tix8.4.3\{username}
- %System Root%\Python27\Lib\wsgiref\{username}
- %User Profile%\Links\{username}
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
- %System Root%\Python27\Lib\tkinter\{username}
- %System Root%\Users\Default\favorites\{username}
- %System Root%\Python27\Lib\msilib\{username}
- %System Root%\Python27\Lib\lib-tk\{username}
- %User Profile%\Pictures\{username}
- %System Root%\Python27\Lib\test\{username}
- %System Root%\$Recycle.Bin\{username}
- %System Root%\Python27\Lib\importlib\{username}
- %User Profile%\downloads\{username}
- %Program Files%\{username}
- %System Root%\Recovery\{GUID}\{username}
- %System Root%\Python27\Lib\site-packages\{username}
- %System Root%\Python27\DLLs\select.pyd
- %System Root%\Python27\Lib\email\{username}
- %System Root%\Users\Default\Music\{username}
- %System Root%\Python27\Lib\distutils\{username}
- %System Root%\Recovery\{username}
- %System Root%\Users\Public\Desktop\{username}
- %System Root%\Python27\Lib\hotshot\{username}
- %System Root%\Python27\Lib\compiler\{username}
- %System Root%\Python27\DLLs\pyexpat.pyd
- %User Profile%\Searches\{username}
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
- %System Root%\Python27\Tools\versioncheck\{username}
- %System Root%\Python27\Lib\curses\{username}
- %System Root%\Python27\tcl\tk8.5\{username}
手順 5
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「TrojanSpy.Win32.EMOTET.TBFHQ」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 6
以下のファイルをバックアップを用いて修復します。マイクロソフト製品に関連したファイルのみに修復されます。このマルウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。
- %System Root%\Python27\Lib\StringIO.py
- %System Root%\Python27\Lib\urlparse.pyc
- %System Root%\Python27\include\structseq.h
- %System Root%\Python27\Lib\contextlib.pyc
- %System Root%\Python27\include\cobject.h
- %System Root%\Python27\Lib\zipfile.pyc
- %System Root%\Python27\include\Python-ast.h
- %System Root%\Python27\libs\libpython27.a
- %System Root%\Python27\Lib\htmllib.py
- %System Root%\Python27\Lib\mhlib.py
- %System Root%\Python27\Lib\threading.py
- %System Root%\Python27\Lib\gzip.py
- %System Root%\excel2k\XLS2KE00.xlt
- %System Root%\Python27\Lib\optparse.pyc
- %System Root%\Python27\Lib\cProfile.py
- %System Root%\Python27\Lib\io.pyc
- %System Root%\Python27\include\ast.h
- %System Root%\excel2k\XLS2KE05.xls
- %System Root%\Python27\Lib\UserString.py
- %System Root%\Python27\include\complexobject.h
- %System Root%\Python27\include\objimpl.h
- %System Root%\Python27\include\traceback.h
- %System Root%\Python27\Lib\traceback.py
- %System Root%\Python27\libs\bz2.lib
- %System Root%\Python27\include\cellobject.h
- %System Root%\Python27\include\unicodeobject.h
- %System Root%\Python27\Lib\fractions.pyc
- %System Root%\Users\Default\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
- %System Root%\word2k\DOC2KE03.doc
- %System Root%\Python27\Lib\posixfile.py
- %System Root%\Python27\Lib\UserDict.pyc
- %System Root%\Python27\Lib\Cookie.py
- %System Root%\Python27\libs\_hashlib.lib
- %System Root%\Python27\Lib\hashlib.py
- %System Root%\Python27\include\pythonrun.h
- %System Root%\Python27\Lib\wave.py
- %System Root%\Python27\Lib\rfc822.py
- %System Root%\Recovery\{GUID}\Winre.wim
- %System Root%\Python27\Lib\_LWPCookieJar.pyc
- %System Root%\Python27\libs\pyexpat.lib
- %System Root%\Python27\DLLs\_msi.pyd
- %System Root%\Python27\Lib\io.py
- %System Root%\Python27\libs\_testcapi.lib
- %System Root%\Python27\Lib\keyword.py
- %System Root%\Python27\Lib\copy.pyc
- %System Root%\Python27\Lib\pickletools.py
- %System Root%\Python27\Lib\Queue.pyc
- %System Root%\Python27\Lib\difflib.py
- %System Root%\Python27\Lib\dbhash.py
- %System Root%\Python27\Lib\shlex.pyc
- %System Root%\Python27\Lib\ntpath.py
- %System Root%\Python27\Lib\trace.py
- %System Root%\Python27\Lib\fnmatch.py
- %System Root%\Python27\Lib\markupbase.py
- %System Root%\Python27\Lib\types.py
- %System Root%\Python27\include\pystate.h
- %System Root%\Python27\include\pydebug.h
- %System Root%\Python27\Lib\string.pyc
- %System Root%\Python27\include\enumobject.h
- %System Root%\Python27\include\pgenheaders.h
- %System Root%\Python27\Lib\base64.pyc
- %System Root%\Python27\Lib\base64.py
- %System Root%\Python27\Lib\SocketServer.py
- %System Root%\Python27\Lib\struct.py
- %System Root%\Python27\Lib\compileall.py
- %System Root%\Python27\Lib\_LWPCookieJar.py
- %System Root%\Python27\Lib\abc.pyc
- %System Root%\Python27\Lib\dis.py
- %System Root%\Python27\include\osdefs.h
- %System Root%\Python27\Lib\Cookie.pyc
- %System Root%\Python27\include\compile.h
- %System Root%\Python27\Lib\uuid.py
- %System Root%\Python27\Lib\_MozillaCookieJar.py
- %System Root%\Python27\Lib\functools.py
- %System Root%\Python27\Lib\mimetools.py
- %System Root%\Python27\Lib\xdrlib.py
- %System Root%\Python27\include\node.h
- %System Root%\Python27\Lib\atexit.py
- %System Root%\Python27\Lib\heapq.py
- %System Root%\Python27\include\longintrepr.h
- %System Root%\Python27\Lib\sre_parse.pyc
- %System Root%\Python27\Lib\xmlrpclib.py
- %User Profile%\NTUSER.DAT{{GUID}}.TM.blf
- %System Root%\Python27\include\datetime.h
- %System Root%\Python27\Lib\toaiff.py
- %System Root%\Python27\Lib\bisect.py
- %System Root%\Python27\Lib\sysconfig.pyc
- %System Root%\Python27\include\stringobject.h
- %System Root%\Python27\Lib\BaseHTTPServer.pyc
- %System Root%\Python27\Lib\sre.py
- %System Root%\Python27\libs\_elementtree.lib
- %System Root%\Python27\Lib\runpy.pyc
- %System Root%\Python27\Lib\cgitb.py
- %System Root%\Python27\Lib\mailcap.py
- %System Root%\Python27\Lib\mimify.py
- %System Root%\Python27\Lib\genericpath.pyc
- %System Root%\Python27\Lib\copy_reg.py
- %System Root%\Python27\Lib\pydoc.py
- %System Root%\Python27\Lib\uu.py
- %System Root%\Python27\Lib\weakref.py
- %System Root%\Python27\libs\_multiprocessing.lib
- %System Root%\Python27\Lib\statvfs.py
- %System Root%\Python27\Lib\gzip.pyc
- %System Root%\Python27\include\pymacconfig.h
- %System Root%\Python27\Lib\imghdr.py
- %System Root%\Python27\include\pyerrors.h
- %System Root%\Python27\Lib\httplib.py
- %System Root%\Python27\Lib\collections.pyc
- %System Root%\Python27\Lib\imaplib.py
- %System Root%\Python27\include\intobject.h
- %System Root%\powerpoint2k\PPT2KE01.ppt
- %System Root%\powerpoint2k\PPT2KE03.ppt
- %System Root%\Python27\Lib\getopt.pyc
- %System Root%\Python27\Doc\python2715.chm
- %System Root%\Python27\Lib\getpass.py
- %System Root%\Python27\Lib\sha.py
- %System Root%\Python27\Lib\uu.pyc
- %System Root%\Python27\Lib\sre_constants.py
- %System Root%\word2k\DOC2KExx.doc
- %System Root%\Python27\Lib\tabnanny.py
- %System Root%\Python27\include\pystrtod.h
- %System Root%\Python27\include\marshal.h
- %System Root%\excel2k\XLS2KE02.xls
- %System Root%\excel2k\XLS2KE01.xls
- %System Root%\Python27\Lib\new.py
- %System Root%\Python27\libs\_ctypes.lib
- %System Root%\Python27\Lib\types.pyc
- %System Root%\set_hostname.vbs
- %System Root%\Python27\include\pyexpat.h
- %System Root%\Python27\Lib\compileall.pyc
- %System Root%\Python27\Lib\markupbase.pyc
- %System Root%\Python27\Lib\binhex.py
- %System Root%\Python27\include\floatobject.h
- %System Root%\Python27\Lib\getpass.pyc
- %System Root%\Python27\libs\python27.lib
- %System Root%\word2k\DOC2KE05.doc
- %System Root%\Python27\Lib\multifile.py
- %System Root%\Python27\Lib\atexit.pyc
- %System Root%\Python27\include\memoryobject.h
- %System Root%\Python27\Lib\_pyio.py
- %System Root%\Python27\Lib\traceback.pyc
- %System Root%\Python27\Lib\mailbox.py
- %System Root%\Python27\Lib\SimpleHTTPServer.py
- %System Root%\Python27\libs\unicodedata.lib
- %System Root%\Python27\Lib\ConfigParser.py
- %System Root%\Python27\Lib\_abcoll.pyc
- %System Root%\Python27\Lib\quopri.pyc
- %System Root%\Python27\Lib\locale.pyc
- %System Root%\Python27\Lib\popen2.py
- %System Root%\Python27\Lib\urllib2.pyc
- %System Root%\Python27\Lib\netrc.pyc
- %System Root%\Python27\Lib\struct.pyc
- %System Root%\Python27\Lib\os.py
- %System Root%\Python27\Lib\abc.py
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
- %System Root%\Python27\Lib\asynchat.py
- %System Root%\Python27\include\opcode.h
- %System Root%\Email and Password List.vbs
- %System Root%\Python27\Lib\macurl2path.py
- %System Root%\Python27\include\import.h
- %User Profile%\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
- %System Root%\powerpoint2k\PPT2KExx.PPT
- %System Root%\Python27\DLLs\winsound.pyd
- %System Root%\Python27\Lib\httplib.pyc
- %System Root%\Python27\Lib\pickle.py
- %System Root%\Python27\Lib\bisect.pyc
- %System Root%\Python27\Lib\urllib.pyc
- %System Root%\Python27\include\code.h
- %System Root%\Python27\Lib\token.pyc
- %System Root%\Python27\include\listobject.h
- %System Root%\Python27\include\pgen.h
- %System Root%\Python27\DLLs\_sqlite3.pyd
- %System Root%\Python27\include\pyport.h
- %System Root%\Python27\include\pycapsule.h
- %System Root%\Python27\Lib\linecache.py
- %System Root%\Python27\include\bytesobject.h
- %System Root%\Python27\Lib\stat.pyc
- %System Root%\Python27\Lib\Queue.py
- %System Root%\Python27\Lib\xmlrpclib.pyc
- %System Root%\Python27\Lib\sre_compile.py
- %System Root%\Python27\Lib\getopt.py
- %System Root%\Python27\Lib\platform.py
- %System Root%\Python27\Lib\webbrowser.py
- %System Root%\Python27\Lib\urllib2.py
- %System Root%\Python27\Lib\argparse.py
- %System Root%\Python27\Lib\__future__.pyc
- %System Root%\Python27\Lib\textwrap.pyc
- %System Root%\Python27\Lib\filecmp.py
- %System Root%\Python27\Lib\weakref.pyc
- %System Root%\Python27\Lib\sndhdr.py
- %System Root%\Python27\include\frameobject.h
- %System Root%\Python27\include\patchlevel.h
- %System Root%\Python27\Lib\cgi.py
- %System Root%\Python27\DLLs\_elementtree.pyd
- %System Root%\Python27\include\pyfpe.h
- %System Root%\Python27\Lib\StringIO.pyc
- %System Root%\Python27\Lib\genericpath.py
- %System Root%\Python27\Lib\dumbdbm.py
- %System Root%\Python27\Lib\nturl2path.pyc
- %System Root%\Python27\Lib\plistlib.py
- %System Root%\Python27\Lib\csv.pyc
- %System Root%\Python27\Lib\posixpath.py
- %System Root%\Python27\Lib\string.py
- %System Root%\Python27\Lib\audiodev.py
- %System Root%\Python27\Lib\netrc.py
- %System Root%\excel2k\XLS2KE04.xls
- %System Root%\Python27\include\object.h
- %System Root%\Python27\Lib\_abcoll.py
- %System Root%\word2k\DOC2KE04.doc
- %System Root%\Python27\Lib\code.py
- %System Root%\Python27\Lib\tempfile.pyc
- %System Root%\Python27\include\asdl.h
- %System Root%\Python27\Lib\random.py
- %System Root%\Python27\Lib\platform.pyc
- %System Root%\Python27\DLLs\unicodedata.pyd
- %System Root%\Python27\Lib\SocketServer.pyc
- %System Root%\Python27\libs\_tkinter.lib
- %System Root%\Python27\Lib\tarfile.py
- %System Root%\Python27\Lib\zipfile.py
- %System Root%\powerpoint2k\PPT2KE04.ppt
- %System Root%\Python27\include\symtable.h
- %System Root%\Python27\Lib\ntpath.pyc
- %System Root%\Python27\Lib\pdb.py
- %System Root%\Python27\include\bufferobject.h
- %System Root%\excel2k\XLS2KExx.xls
- %System Root%\Python27\include\pyctype.h
- %System Root%\Python27\tcl\tcl85.lib
- %System Root%\Python27\include\pyarena.h
- %System Root%\Python27\Lib\gettext.pyc
- %System Root%\Python27\Lib\robotparser.py
- %System Root%\Python27\Lib\shutil.pyc
- %System Root%\Python27\Lib\colorsys.py
- %System Root%\Python27\Lib\linecache.pyc
- %System Root%\Python27\Lib\py_compile.pyc
- %System Root%\powerpoint2k\PPT2KE00.pot
- %System Root%\Python27\Lib\random.pyc
- %System Root%\Python27\Lib\shutil.py
- %System Root%\Python27\Lib\warnings.pyc
- %System Root%\Python27\Lib\BaseHTTPServer.py
- %System Root%\Python27\Lib\formatter.py
- %System Root%\Python27\include\setobject.h
- %System Root%\Python27\Lib\glob.pyc
- %System Root%\Email and Password List.txt
- %System Root%\Python27\include\moduleobject.h
- %System Root%\Python27\include\pymactoolbox.h
- %System Root%\Python27\include\sysmodule.h
- %System Root%\Python27\README.txt
- %System Root%\Python27\include\cStringIO.h
- %System Root%\Python27\Lib\csv.py
- %System Root%\Python27\Lib\numbers.py
- %System Root%\Python27\Lib\CGIHTTPServer.py
- %System Root%\Python27\include\ceval.h
- %System Root%\Python27\Lib\os.pyc
- %System Root%\Python27\tcl\tclstub85.lib
- %System Root%\Python27\Lib\_strptime.pyc
- %System Root%\Python27\Lib\inspect.py
- %System Root%\Python27\Lib\fileinput.py
- %System Root%\Python27\include\timefuncs.h
- %System Root%\Python27\Lib\telnetlib.py
- %System Root%\Python27\Lib\tempfile.py
- %System Root%\Python27\Lib\ftplib.py
- %System Root%\Python27\Lib\fractions.py
- %System Root%\Python27\include\warnings.h
- %System Root%\AVScanner.ini
- %System Root%\Python27\include\modsupport.h
- %System Root%\Python27\Lib\smtpd.py
- %System Root%\Python27\Lib\Bastion.py
- %System Root%\Python27\include\parsetok.h
- %System Root%\Python27\Lib\calendar.py
- %System Root%\Python27\include\pythread.h
- %System Root%\Python27\Lib\optparse.py
- %System Root%\Python27\LICENSE.txt
- %System Root%\Python27\Lib\doctest.py
- %System Root%\Python27\Lib\sunau.py
- %System Root%\Python27\Lib\re.pyc
- %System Root%\Python27\include\methodobject.h
- %System Root%\Python27\Lib\gettext.py
- %System Root%\Python27\DLLs\_tkinter.pyd
- %System Root%\Python27\Lib\hashlib.pyc
- %System Root%\Python27\NEWS.txt
- %System Root%\Python27\include\codecs.h
- %System Root%\Python27\include\iterobject.h
- %System Root%\Python27\Lib\dummy_thread.py
- %System Root%\Python27\Lib\fnmatch.pyc
- %System Root%\Python27\include\pystrcmp.h
- %System Root%\Python27\tcl\tkstub85.lib
- %System Root%\Python27\Lib\os2emxpath.py
- %System Root%\Python27\include\pymath.h
- %System Root%\Python27\Lib\this.py
- %System Root%\Python27\Lib\DocXMLRPCServer.py
- %System Root%\Python27\Lib\hmac.pyc
- %System Root%\Python27\Lib\runpy.py
- %System Root%\Python27\Lib\cmd.py
- %System Root%\Python27\Lib\argparse.pyc
- %System Root%\word2k\DOC2KE02.doc
- %System Root%\Python27\Lib\dircache.py
- %System Root%\Python27\Lib\locale.py
- %System Root%\Python27\Lib\smtplib.py
- %System Root%\Python27\Lib\subprocess.pyc
- %System Root%\Python27\Lib\md5.py
- %System Root%\Python27\Lib\ssl.py
- %System Root%\Python27\include\funcobject.h
- %System Root%\Python27\tcl\tclConfig.sh
- %System Root%\Python27\include\rangeobject.h
- %System Root%\Python27\include\intrcheck.h
- %System Root%\Python27\include\classobject.h
- %System Root%\Python27\Lib\ConfigParser.pyc
- %System Root%\Python27\Lib\macpath.py
- %System Root%\Python27\Lib\repr.py
- %System Root%\Python27\libs\winsound.lib
- %System Root%\Python27\DLLs\_ctypes_test.pyd
- %System Root%\Python27\Lib\_threading_local.py
- %System Root%\Python27\Lib\_weakrefset.pyc
- %System Root%\Email and Password List.htm
- %System Root%\Python27\libs\_ctypes_test.lib
- %System Root%\Python27\include\pyconfig.h
- %System Root%\Python27\Lib\user.py
- %System Root%\Python27\Lib\sched.py
- %System Root%\Python27\libs\_bsddb.lib
- %System Root%\Python27\Lib\textwrap.py
- %System Root%\Python27\include\Python.h
- %System Root%\Python27\include\descrobject.h
- %System Root%\Python27\Lib\_MozillaCookieJar.pyc
- %System Root%\Python27\Lib\MimeWriter.py
- %System Root%\Python27\Lib\posixpath.pyc
- %System Root%\Python27\Lib\subprocess.py
- %System Root%\Python27\Lib\pstats.py
- %System Root%\Python27\Lib\pprint.py
- %System Root%\Python27\include\grammar.h
- %System Root%\Python27\Lib\fpformat.py
- %System Root%\Python27\Lib\ssl.pyc
- %System Root%\Python27\include\sliceobject.h
- %System Root%\Python27\libs\select.lib
- %System Root%\Python27\Lib\socket.pyc
- %System Root%\Python27\Lib\site.pyc
- %System Root%\Python27\include\ucnhash.h
- %System Root%\Python27\Lib\sre_constants.pyc
- %System Root%\Python27\include\bitset.h
- %System Root%\Recovery\{GUID}\boot.sdi
- %System Root%\Python27\Lib\pprint.pyc
- %System Root%\Python27\Lib\warnings.py
- %System Root%\Python27\Lib\chunk.py
- %System Root%\Python27\libs\_sqlite3.lib
- %System Root%\Python27\tcl\tk85.lib
- %System Root%\Python27\Lib\py_compile.py
- %System Root%\Python27\Lib\re.py
- %System Root%\Python27\Lib\shlex.py
- %System Root%\Python27\Lib\tarfile.pyc
- %System Root%\Python27\include\bytearrayobject.h
- %System Root%\Python27\include\bytes_methods.h
- %System Root%\Python27\Lib\cookielib.py
- %System Root%\Python27\Lib\copy_reg.pyc
- %System Root%\Python27\include\graminit.h
- %System Root%\Python27\Lib\calendar.pyc
- %System Root%\Python27\Lib\timeit.py
- %System Root%\Python27\Lib\__phello__.foo.py
- %System Root%\Python27\Lib\whichdb.py
- %System Root%\Python27\include\pygetopt.h
- %System Root%\Python27\Lib\pty.py
- %System Root%\Python27\Lib\bdb.py
- %System Root%\Python27\Lib\quopri.py
- %System Root%\Users\Default\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
- %System Root%\Python27\include\token.h
- %System Root%\Python27\Lib\rexec.py
- %System Root%\Python27\Lib\_weakrefset.py
- %System Root%\Python27\Lib\opcode.pyc
- %System Root%\Python27\Lib\threading.pyc
- %System Root%\Python27\Lib\opcode.py
- %System Root%\Python27\include\weakrefobject.h
- %System Root%\Python27\Lib\keyword.pyc
- %System Root%\Python27\Lib\htmlentitydefs.py
- %System Root%\Users\Default\NTUSER.DAT{{GUID}}.TM.blf
- %System Root%\Python27\Lib\glob.py
- %System Root%\Python27\Lib\ihooks.py
- %System Root%\Python27\DLLs\_bsddb.pyd
- %System Root%\Python27\DLLs\_multiprocessing.pyd
- %System Root%\Python27\Lib\stringprep.pyc
- %System Root%\Python27\libs\_msi.lib
- %System Root%\Python27\include\eval.h
- %System Root%\Python27\Lib\pkgutil.py
- %System Root%\Python27\Lib\SimpleXMLRPCServer.py
- %System Root%\excel2k\XLS2KE03.xls
- %System Root%\Python27\Lib\modulefinder.py
- %System Root%\Python27\Lib\tty.py
- %System Root%\Python27\Lib\profile.py
- %System Root%\Python27\Lib\decimal.pyc
- %System Root%\Python27\include\dtoa.h
- %System Root%\Python27\Lib\mutex.py
- %System Root%\Python27\Lib\aifc.py
- %System Root%\Python27\Lib\SimpleXMLRPCServer.pyc
- %System Root%\Python27\Lib\site.py
- %System Root%\Python27\Lib\cgi.pyc
- %System Root%\Python27\Lib\pipes.py
- %System Root%\Python27\Lib\decimal.py
- %System Root%\Python27\Lib\urllib.py
- %System Root%\Python27\include\fileobject.h
- %System Root%\Python27\Lib\token.py
- %System Root%\Python27\Lib\contextlib.py
- %System Root%\Python27\DLLs\_testcapi.pyd
- %System Root%\Python27\Lib\urlparse.py
- %System Root%\Python27\Lib\HTMLParser.py
- %System Root%\Python27\Lib\copy.py
- %System Root%\word2k\DOC2KE00.dot
- %System Root%\Python27\Lib\rfc822.pyc
- %System Root%\Python27\Lib\rlcompleter.py
- %System Root%\Python27\Lib\uuid.pyc
- %System Root%\Python27\Lib\ast.py
- %System Root%\Python27\Lib\dummy_threading.py
- %System Root%\Python27\Lib\codeop.py
- %System Root%\Python27\Lib\UserDict.py
- %System Root%\Users\Default\NTUSER.DAT.LOG1
- %System Root%\Python27\Lib\xmllib.py
- %System Root%\Python27\Lib\HTMLParser.pyc
- %System Root%\Python27\Lib\nturl2path.py
- %System Root%\Python27\Lib\mimetools.pyc
- %System Root%\Python27\Lib\anydbm.py
- %System Root%\Python27\Lib\tokenize.py
- %System Root%\Python27\Lib\codecs.pyc
- %System Root%\Python27\Lib\nntplib.py
- %System Root%\Python27\include\metagrammar.h
- %System Root%\Python27\Lib\htmlentitydefs.pyc
- %System Root%\Python27\Lib\stringprep.py
- %System Root%\Python27\Lib\symbol.py
- %System Root%\Python27\Lib\mimetypes.pyc
- %System Root%\Python27\Lib\pyclbr.py
- %System Root%\Python27\Lib\codecs.py
- %System Root%\Python27\Lib\sre_parse.py
- %System Root%\Python27\Lib\functools.pyc
- %System Root%\Python27\Lib\antigravity.py
- %System Root%\Python27\include\pymem.h
- %System Root%\Python27\Lib\mimetypes.py
- %System Root%\Python27\Lib\sre_compile.pyc
- %System Root%\Python27\Lib\poplib.py
- %System Root%\Python27\Lib\sunaudio.py
- %System Root%\Python27\Lib\heapq.pyc
- %System Root%\Python27\include\tupleobject.h
- %System Root%\Python27\Lib\sets.py
- %System Root%\Python27\Lib\__future__.py
- %System Root%\powerpoint2k\PPT2KE05.ppt
- %System Root%\Python27\Lib\cookielib.pyc
- %System Root%\Python27\Lib\sysconfig.py
- %System Root%\Python27\include\longobject.h
- %System Root%\Python27\Lib\dis.pyc
- %System Root%\Python27\include\boolobject.h
- %System Root%\Python27\Lib\stringold.py
- %System Root%\Python27\Lib\plistlib.pyc
- %System Root%\Python27\Lib\tokenize.pyc
- %System Root%\word2k\DOC2KE01.doc
- %System Root%\Python27\Lib\numbers.pyc
- %System Root%\Python27\libs\_ssl.lib
- %System Root%\Python27\libs\_socket.lib
- %System Root%\Python27\Lib\UserList.py
- %System Root%\Email and Password List.js
- %System Root%\Python27\Lib\_strptime.py
- %System Root%\Python27\include\py_curses.h
- %System Root%\Python27\Lib\sgmllib.py
- %System Root%\Python27\Lib\pkgutil.pyc
- %System Root%\Python27\Lib\_osx_support.py
- %System Root%\powerpoint2k\PPT2KE02.ppt
- %System Root%\Python27\Lib\socket.py
- %System Root%\Python27\Lib\asyncore.py
- %System Root%\Python27\include\genobject.h
- %System Root%\Python27\Lib\stat.py
- %System Root%\Python27\include\structmember.h
- %System Root%\Python27\Lib\inspect.pyc
- %System Root%\Python27\Lib\shelve.py
- %System Root%\Python27\Lib\symtable.py
- %System Root%\Python27\Lib\collections.py
- %System Root%\Python27\Lib\hmac.py
- %System Root%\Python27\include\errcode.h
- %System Root%\Python27\include\dictobject.h
- %System Root%\Python27\Lib\commands.py
- %System Root%\Python27\include\abstract.h
ご利用はいかがでしたか? アンケートにご協力ください