TSPY_INFOSTEAL.XSX

スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

スパイウェアは、実行後、自身を削除します。

侵入方法

スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

スパイウェアは、以下のフォルダを作成します。

• %Application Data%\fowo
• %System Root%\_118203_
• %System Root%\aee35ada2e57eb58f1a078d9cff819
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update

(註：%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming" です。.. %System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.)

他のシステム変更

スパイウェアは、以下のレジストリキーを追加します。

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION

HKEY_CURRENT_USER\Software\qanz

HKEY_LOCAL_MACHINE\SOFTWARE\qanz

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate\
OSUpgrade

HKEY_LOCAL_MACHINE\SOFTWARE\D83EBBB12F0DFD79

HKEY_LOCAL_MACHINE\SOFTWARE\5B8E1A5329B209EBFF75

スパイウェアは、以下のレジストリ値を追加します。

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
regsvr32.exe = "22b8"

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
iexplore.exe = "22b8"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
regsvr32.exe = "22b8"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
iexplore.exe = "22b8"

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate
DisableOSUpgrade = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
zojewbdazo = "{random characters}"

HKEY_CURRENT_USER\Software\qanz
zojewbdazo = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate\
OSUpgrade
ReservationsAllowed = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
ltpxeirzlt = "cWkR3Z4+VTA1Zw=="

HKEY_CURRENT_USER\Software\qanz
ltpxeirzlt = "Jm0W2ZVsVaprZQ=="

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
bjtkim = "cjEV2ZY9UHW5nmW+LOD77wroVGRPwPM="

HKEY_CURRENT_USER\Software\qanz
bjtkim = "dTsSipc9WMSNwrjKcve8O+SkFsQ83Ls="

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
eljz = "djBMiZ85U1AltSXZk1NXwsw="

HKEY_CURRENT_USER\Software\qanz
eljz = "ITgXjZ49WZ8V5vSGYPtZffI="

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
kqdg = "{random characters}"

HKEY_CURRENT_USER\Software\qanz
kqdg = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\D83EBBB12F0DFD79
DFBC00751AA0243DC2C = "DFBC00751AA0243DC2C"

HKEY_LOCAL_MACHINE\SOFTWARE\5B8E1A5329B209EBFF75
FDF7FB5FC49927720 = "FDF7FB5FC49927720"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Setup
LogLevel = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Setup
LogLevel = "0"

スパイウェアは、以下のレジストリ値を変更します。

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\3
1206 = "0"

(註：変更前の上記レジストリ値は、「3」となります。)

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\3
2300 = "0"

(註：変更前の上記レジストリ値は、「1」となります。)

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\3
1809 = "3"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\1
1206 = "0"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\1
2300 = "0"

(註：変更前の上記レジストリ値は、「1」となります。)

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\1
1809 = "3"

(註：変更前の上記レジストリ値は、「3」となります。)

スパイウェアは、以下のレジストリキーを削除します。

HKEY_LOCAL_MACHINE\SOFTWARE

作成活動

スパイウェアは、以下のファイルを作成します。

• %Application Data%\fowo\fowo.exe
• %User Temp%\WindowsXP-KB968930-x86-ENG.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\eventforwarding.adm
• %System Root%\aee35ada2e57eb58f1a078d9cff819\windowsremotemanagement.adm
• %System Root%\aee35ada2e57eb58f1a078d9cff819\windowsremoteshell.adm
• %System Root%\aee35ada2e57eb58f1a078d9cff819\windowspowershellhelp.chm
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrm.cmd
• %System Root%\aee35ada2e57eb58f1a078d9cff819\compiledcomposition.microsoft.powershell.gpowershell.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.backgroundintelligenttransfer.management.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.backgroundintelligenttransfer.management.interop.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.backgroundintelligenttransfer.management.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.diagnostics.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.diagnostics.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.management.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.management.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.utility.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.utility.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.consolehost.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.consolehost.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.editor.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.editor.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.gpowershell.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.gpowershell.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.graphicalhost.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.graphicalhost.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.security.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.security.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.wsman.management.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.wsman.management.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.wsman.runtime.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\powershell_ise.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\pspluginwkr.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\pwrshmsg.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\pwrshplugin.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\pwrshsip.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\spmsg.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\system.management.automation.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\system.management.automation.resources.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wevtfwd.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrmprov.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrscmd.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrsmgr.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrssrv.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmauto.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmplpxy.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmres.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmsvc.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmwmipl.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\powershell.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\powershell_ise.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\pscustomsetuputil.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\pssetupnativeutils.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\spuninst.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\spupdsvc.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrs.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrshost.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmanhttpconfig.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmprovhost.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wtrinstaller.ico
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrm.ini
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrmprov.mof
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmauto.mof
• %System Root%\aee35ada2e57eb58f1a078d9cff819\powershell.exe.mui
• %System Root%\aee35ada2e57eb58f1a078d9cff819\profile.ps1
• %System Root%\aee35ada2e57eb58f1a078d9cff819\bitstransfer.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\certificate.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\diagnostics.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\dotnettypes.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\filesystem.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\getevent.types.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\help.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\powershellcore.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\powershelltrace.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\registry.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\types.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsman.format.ps1xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\bitstransfer.psd1
• %System Root%\aee35ada2e57eb58f1a078d9cff819\importallmodules.psd1
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_aliases.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_arithmetic_operators.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_arrays.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_assignment_operators.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_automatic_variables.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_bits_cmdlets.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_break.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_command_precedence.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_command_syntax.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_comment_based_help.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_commonparameters.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_comparison_operators.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_continue.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_core_commands.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_data_sections.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_debuggers.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_do.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_environment_variables.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_escape_characters.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_eventlogs.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_execution_policies.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_for.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_foreach.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_format.ps1xml.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_functions.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_functions_advanced.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_functions_advanced_methods.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_functions_advanced_parameters.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_functions_cmdletbindingattribute.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_hash_tables.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_history.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_if.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_job_details.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_jobs.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_join.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_language_keywords.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_line_editing.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_locations.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_logical_operators.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_methods.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_modules.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_objects.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_operators.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_parameters.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_parsing.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_path_syntax.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_pipelines.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_preference_variables.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_profiles.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_prompts.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_properties.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_providers.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_pssession_details.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_pssessions.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_pssnapins.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_quoting_rules.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_redirection.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_ref.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_regular_expressions.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_remote.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_remote_faq.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_remote_jobs.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_remote_output.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_remote_requirements.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_remote_troubleshooting.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_requires.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_reserved_words.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_return.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_scopes.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_script_blocks.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_script_internationalization.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_scripts.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_session_configurations.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_signing.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_special_characters.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_split.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_switch.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_throw.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_transactions.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_trap.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_try_catch_finally.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_type_operators.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_types.ps1xml.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_variables.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_while.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_wildcards.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_windows_powershell_2.0.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_windows_powershell_ise.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_wmi_cmdlets.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\about_ws-management_cmdlets.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\default.help.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\winrm.vbs
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.backgroundintelligenttransfer.management.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.diagnostics.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.management.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.commands.utility.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.consolehost.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.powershell.security.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\microsoft.wsman.management.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\system.management.automation.dll-help.xml
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmpty.xsl
• %System Root%\aee35ada2e57eb58f1a078d9cff819\wsmtxt.xsl
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update\kb968930xp.cat
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update\spcustom.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update\updspapi.dll
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update\update.exe
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update\update.inf
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update\eula.txt
• %System Root%\aee35ada2e57eb58f1a078d9cff819\update\update.ver
• %System Root%\aee35ada2e57eb58f1a078d9cff819\$shtdwn$.req

その他

スパイウェアは、以下の不正なWebサイトにアクセスします。

• http://{BLOCKED}7.72.90
• http://{BLOCKED}7.72.90/{random path}
• {BLOCKED}.62.64
• {BLOCKED}.224.250
• {BLOCKED}.91.155
• {BLOCKED}.114.62
• {BLOCKED}.173.79
• {BLOCKED}1.144.167
• {BLOCKED}.122.7
• {BLOCKED}243.184
• {BLOCKED}.122.175
• {BLOCKED}4.247.68
• {BLOCKED}0.36.45
• {BLOCKED}.242.184
• {BLOCKED}1.179.188
• {BLOCKED}.228.145
• {BLOCKED}.56.190
• {BLOCKED}.67.2
• {BLOCKED}.170.208
• {BLOCKED}7.150.46
• {BLOCKED}.226.6
• {BLOCKED}4.132.163
• {BLOCKED}1.26.173
• {BLOCKED}5.167.116
• {BLOCKED}2.156.227
• {BLOCKED}7.63.122
• {BLOCKED}.173.210
• {BLOCKED}.134.182
• {BLOCKED}0.5.155
• {BLOCKED}8.255.61
• {BLOCKED}.197.200
• {BLOCKED}.166.199
• {BLOCKED}16.246
• {BLOCKED}2.193
• {BLOCKED}6.7
• {BLOCKED}.214.149
• {BLOCKED}0.110.255
• {BLOCKED}0.31.186
• {BLOCKED}.179.208
• {BLOCKED}3.252.221
• {BLOCKED}.40.136
• {BLOCKED}5.69.1
• {BLOCKED}4.126.219
• {BLOCKED}1.1.255
• {BLOCKED}5.100.119
• {BLOCKED}.196.232
• {BLOCKED}1.179.235
• {BLOCKED}168.206
• {BLOCKED}.212.216
• {BLOCKED}5.219.121
• {BLOCKED}.251.99
• {BLOCKED}.172.177
• {BLOCKED}19.237
• {BLOCKED}4.188.58
• {BLOCKED}224.63
• {BLOCKED}8.109.60
• {BLOCKED}110.234
• {BLOCKED}4.167.102
• {BLOCKED}.35.26
• {BLOCKED}8.149.145
• {BLOCKED}.122.82
• {BLOCKED}.103.252
• {BLOCKED}.149.209
• {BLOCKED}6.159.103
• {BLOCKED}.15.240
• {BLOCKED}8.64.62
• {BLOCKED}.239.67
• {BLOCKED}4.32.177
• {BLOCKED}.128.211
• {BLOCKED}3.55.139
• {BLOCKED}4.45.185
• {BLOCKED}.129.162
• {BLOCKED}.139.37
• {BLOCKED}.178.90
• {BLOCKED}.162.13
• {BLOCKED}186.133
• {BLOCKED}.95.240
• {BLOCKED}7.80.245
• {BLOCKED}.107.228
• {BLOCKED}0.15.237
• {BLOCKED}253.83
• {BLOCKED}.203.170
• {BLOCKED}6.170.156
• {BLOCKED}.26.155
• {BLOCKED}9.179.214
• {BLOCKED}159.5
• {BLOCKED}67.72
• {BLOCKED}9.243.3
• {BLOCKED}173.80
• {BLOCKED}.18.120
• {BLOCKED}4.138.77
• {BLOCKED}.21.207
• {BLOCKED}2.117.162
• {BLOCKED}.251.141
• {BLOCKED}9.202
• {BLOCKED}3.244.104
• {BLOCKED}.178.70
• {BLOCKED}4.227.148
• {BLOCKED}0.98.59
• {BLOCKED}.27.162
• {BLOCKED}3.69.22
• {BLOCKED}.36.110
• {BLOCKED}9.245.109
• {BLOCKED}6.45.147
• {BLOCKED}.7.221
• {BLOCKED}.94.129
• {BLOCKED}231.199
• {BLOCKED}.219.246
• {BLOCKED}7.29.29
• {BLOCKED}.88.115
• {BLOCKED}5.196.215
• {BLOCKED}8.238.122
• {BLOCKED}166.26
• {BLOCKED}.85.80
• {BLOCKED}4.150.138
• {BLOCKED}.222.186
• {BLOCKED}2.253.72
• {BLOCKED}6.88.106
• {BLOCKED}.52.2
• {BLOCKED}3.179
• {BLOCKED}1.78.113
• {BLOCKED}5.216.230
• {BLOCKED}.4.152
• {BLOCKED}4.116
• {BLOCKED}249.81
• {BLOCKED}.70.98
• {BLOCKED}8.32.98
• {BLOCKED}.148.27
• {BLOCKED}2.160
• {BLOCKED}.57.85
• {BLOCKED}121.120
• {BLOCKED}.201.34
• {BLOCKED}32.202
• {BLOCKED}172.17
• {BLOCKED}.1.56
• {BLOCKED}.160.3
• {BLOCKED}3.23.131
• {BLOCKED}99.72
• {BLOCKED}1.136.78
• {BLOCKED}142.104
• {BLOCKED}.221.77
• {BLOCKED}7.67.11
• {BLOCKED}5.132.103
• {BLOCKED}4.45.220
• {BLOCKED}.161.173
• {BLOCKED}.95.214
• {BLOCKED}.149.211
• {BLOCKED}5.124.167
• {BLOCKED}42.22
• {BLOCKED}9.8.4
• {BLOCKED}2.208
• {BLOCKED}.254.146
• {BLOCKED}.68.88
• {BLOCKED}1.86.165
• {BLOCKED}17.27
• {BLOCKED}36.81
• {BLOCKED}9.140.217
• {BLOCKED}203.92
• {BLOCKED}.43.64
• {BLOCKED}143.115
• {BLOCKED}.60.192
• {BLOCKED}3.142.171
• {BLOCKED}1.244.163
• {BLOCKED}.196.219
• {BLOCKED}8.20.117
• {BLOCKED}5.34.59
• {BLOCKED}.111.136
• {BLOCKED}.121.202
• {BLOCKED}7.251.179
• {BLOCKED}.39.131
• {BLOCKED}8.152.116
• {BLOCKED}.3.162
• {BLOCKED}22.209
• {BLOCKED}.205.67
• {BLOCKED}3.77.95
• {BLOCKED}5.119.6
• {BLOCKED}7.153.35
• {BLOCKED}.10.67
• {BLOCKED}186.173
• {BLOCKED}.110.64
• {BLOCKED}.118.226
• {BLOCKED}0.144.243
• {BLOCKED}252.15
• {BLOCKED}.96.208
• {BLOCKED}.242.21
• {BLOCKED}.232.155
• {BLOCKED}235.224
• {BLOCKED}225.231
• {BLOCKED}5.83.204
• {BLOCKED}5.23.80
• {BLOCKED}.25.195
• {BLOCKED}8.39.126
• {BLOCKED}.196.92
• {BLOCKED}.40.221
• {BLOCKED}.99.52
• {BLOCKED}211.238
• {BLOCKED}20.244
• {BLOCKED}7.68.236
• {BLOCKED}.52.216
• {BLOCKED}5.70.8
• {BLOCKED}.37.215
• {BLOCKED}.171.160
• {BLOCKED}.215.212
• {BLOCKED}.137.16
• {BLOCKED}.66.83
• {BLOCKED}.219.75
• {BLOCKED}1.164.239
• {BLOCKED}93.51
• {BLOCKED}40.41
• {BLOCKED}6.9.194
• {BLOCKED}.10.65
• {BLOCKED}6.126.19
• {BLOCKED}9.165.7
• {BLOCKED}.3.146
• {BLOCKED}0.176.203
• {BLOCKED}.2.163
• {BLOCKED}1.158.224
• {BLOCKED}.81.208
• {BLOCKED}0.33.39
• {BLOCKED}.86.79
• {BLOCKED}.27.23
• {BLOCKED}.136.247
• {BLOCKED}129.162
• {BLOCKED}.111.185
• {BLOCKED}.162.191
• {BLOCKED}4.246.241
• {BLOCKED}.214.77
• {BLOCKED}23.198
• {BLOCKED}2.149.17
• {BLOCKED}9.196.6
• {BLOCKED}99.45
• {BLOCKED}5.190.189
• {BLOCKED}.47.255
• {BLOCKED}6.116.99
• {BLOCKED}.136.30
• {BLOCKED}.91.68
• {BLOCKED}0.170.236
• {BLOCKED}1.91.122
• {BLOCKED}.255.102
• {BLOCKED}170.12

スパイウェアは、実行後、自身を削除します。

このウイルス情報は、自動解析システムにより作成されました。