Trojan.Win32.BOXTER.REI

2022年9月6日

解析者: Jeffrey Francis Bonaobra

プラットフォーム:

Windows

危険度:

ダメージ度:

感染力:

感染確認数:

情報漏えい:

マルウェアタイプ: トロイの木馬型
破壊活動の有無: なし
暗号化:
感染報告の有無: はい

概要

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

詳細

ファイルサイズ 101,376 bytes

タイプ EXE

メモリ常駐なし

発見日 2022年8月31日

侵入方法

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

マルウェアは、以下のフォルダを追加します。

{Malware file path}\__{Computer name}_{Computer name}
{Malware file path}\__{Computer name}_{Computer name}\C_MFT
{Malware file path}\__{Computer name}_{Computer name}\D_MFT
{Malware file path}\__{Computer name}_{Computer name}\Evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs
{Malware file path}\__{Computer name}_{Computer name}\Evtx\TraceFormat
{Malware file path}\__{Computer name}_{Computer name}\GP
{Malware file path}\__{Computer name}_{Computer name}\GP
{Malware file path}\__{Computer name}_{Computer name}\HOSTS
{Malware file path}\__{Computer name}_{Computer name}\Hive
{Malware file path}\__{Computer name}_{Computer name}\Net
{Malware file path}\__{Computer name}_{Computer name}\Prefetch
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot
{Malware file path}\__{Computer name}_{Computer name}\USB
{Malware file path}\__{Computer name}_{Computer name}\tasks

マルウェアは、以下のファイルを作成します。

%User Temp%\{random characters}.tmp\{random characters}.tmp\{random characters}.bat
{Malware file path}\__{Computer name}_{Computer name}\GP\auditpol.log
{Malware file path}\__{Computer name}_{Computer name}\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SA.DAT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_Task.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskInfo.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskExport.log
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Application.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\DebugChannel.etl
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\HardwareEvents.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Internet Explorer.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Key Management Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Media Center.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CAPI2%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-International%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Known Folders API Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NCSI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-PrintService%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-RestartManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\OAlerts.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Security.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Setup.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\System.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\ThinPrint Diagnostics.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Windows PowerShell.evtx
{Malware file path}\__{Computer name}_{Computer name}\info.txt
{Malware file path}\__{Computer name}_{Computer name}\ipconfig.displaydns.log
{Malware file path}\__{Computer name}_{Computer name}\HotFix.log
{Malware file path}\__{Computer name}_{Computer name}\userinfo.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.useraccount.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.group.log
{Malware file path}\__{Computer name}_{Computer name}\Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\PS_Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.ini
{Malware file path}\__{Computer name}_{Computer name}\C_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\D_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\listdll.log
{Malware file path}\__{Computer name}_{Computer name}\pslist.log
{Malware file path}\__{Computer name}_{Computer name}\handle.log
{Malware file path}\__{Computer name}_{Computer name}\Hive\system
{Malware file path}\__{Computer name}_{Computer name}\Hive\security
{Malware file path}\__{Computer name}_{Computer name}\Hive\sam
{Malware file path}\__{Computer name}_{Computer name}\Hive\software
{Malware file path}\__{Computer name}_{Computer name}\Hive\hkcu
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-C2660688.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-FEB1D86C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ADDINUTIL.EXE-8F48E508.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgAppLaunch.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFaultHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFgAppHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlGlobalHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_P_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgRobust.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AUDIODG.EXE-D0D776AC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BCSSYNC.EXE-E11E559D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BGINFO.EXE-9E555CC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BSPATCH.EXE-6A7B3EA2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CALC.EXE-AC08706A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHRMSTP.EXE-2A1116EB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME.EXE-0548EF22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-98B1510F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-F6621FA9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESTANDALONESETUP[1].EXE-3944B7A7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME_INSTALLER.EXE-AB9EEF8D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CLRGC.EXE-C9F2E9F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CMD.EXE-89305D47.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMPMGMTLAUNCHER.EXE-0BF80059.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMREG.EXE-BE2DC5C3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONHOST.EXE-3218E401.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONSENT.EXE-65F6206D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONTROL.EXE-9459D5A0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CSC.EXE-4EF173D0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CVTRES.EXE-419E4E46.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DEFRAG.EXE-738093E8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DFSVC.EXE-F21F20D2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-71214090.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-893DDF55.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-98F9DD7B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-B878541A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DRVINST.EXE-5F8E77CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DUMPCAP.EXE-2A5B8C13.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\EXPLORER.EXE-7A3328DA.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\FINDSTR.EXE-4176B665.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-0CBA4D22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-1E5C1659.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-427A0127.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-45E34A42.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-D77985DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATEONDEMAND.EXE-6FB0E552.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATESETUP.EXE-469721E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GRPCONV.EXE-CAFD68AE.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HIEW32.EXE-D6994337.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HTTPLOG.EXE-901D1EAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IE4UINIT.EXE-0BC11EF2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IEXPLORE.EXE-1B894AFB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\INSTALLER.EXE-C8BCFA78.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVA.EXE-6C3C2DFD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAW.EXE-39514CA8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAWS.EXE-A1EB6307.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JP2LAUNCHER.EXE-5178D6A9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-3D412F2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-8A54673C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\Layout.ini
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LODCTR.EXE-8DBE540B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LOGONUI.EXE-1BEE4A84.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MMC.EXE-94CB0423.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOFCOMP.EXE-CDA1E783.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPAS-FE.EXE-ACEABF68.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPSIGSTUB.EXE-C23046E2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-C735E247.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-FAA88858.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSDT.EXE-3D8E9353.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSIEXEC.EXE-B5AFA339.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET.EXE-1DF3A2F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET1.EXE-B8A8247B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NETSH.EXE-3DD790C5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NGEN.EXE-DEAF5A03.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NOTEPAD.EXE-EB1B961A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NSBA5C.TMP-688C394D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NTOSBOOT-B00DFAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\OLLYDBG.EXE-1373067B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PCWRUN.EXE-D23AB51E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PfSvPerfStats.bin
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PRINTUI.EXE-E9F4354A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PROCEXP.EXE-58E58AD1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-125D4518.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-1A2DED2F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-29004854.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-77ECDFC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-7DDA7264.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-A29D70BB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-AFD98684.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-C2775519.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNONCE.EXE-E33ED995.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SC.EXE-BC6DAF49.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SDIAGNHOST.EXE-67CD1457.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-9F182B59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-C02DCB51.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-D07E02CF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-F8B4C0C4.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUPUTILITY.EXE-74ED67E3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPOOLSV.EXE-E4D0FF39.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPPSVC.EXE-CBE91656.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-135A30D8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-18D06B2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8DA0BAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8FD92526.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-93CEEE07.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SYSTRACERX32.EXE-9CC57CD5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKENG.EXE-5BAF290C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKHOST.EXE-437C05A8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKMGR.EXE-72398DC0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TCPVIEW.EXE-19A69C12.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNECT.EXE-F29212C1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNSVC.EXE-3F58EC59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPVCGATEWAY.EXE-DBBE6AB9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\UNPACK200.EXE-1F45AE4F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\USBPCAPSETUP-1.1.0.0-G794BF26-DA7EEBDB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VCREDIST_X86.EXE-E7846A26.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDS.EXE-AD27F0DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDSLDR.EXE-85F9A1C6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMTOOLSD.EXE-0AD357E6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMWARETRAY.EXE-1DBB7768.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VSSVC.EXE-04D079CC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WERMGR.EXE-2A1BCBC7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WEVTUTIL.EXE-C09B744F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINPCAP_4_1_3.EXE-CFB61F1C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINRAR.EXE-6F42D4E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINSAT.EXE-F927CE81.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK-WIN32-2.2.0.EXE-40FBE1EF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK.EXE-A9E3CE41.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIADAP.EXE-369DF1CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIC.EXE-B77E8CD6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIPRVSE.EXE-43972D0F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WUAUCLT.EXE-830BCC14.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace4.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace5.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace6.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace7.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace8.fx
{Malware file path}\__{Computer name}_{Computer name}\arp.txt
{Malware file path}\__{Computer name}_{Computer name}\RoutePrint.txt
{Malware file path}\__{Computer name}_{Computer name}\HOSTS\hosts
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.dev.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.app.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.offline.log
{Malware file path}\__{Computer name}_{Computer name}\USB\usb.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.use.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.share.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.session.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.account.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.sec.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service_detail.log
{Malware file path}\__{Computer name}_{Computer name}\ShimCacheParser.log
{Malware file path}\__{Computer name}_{Computer name}\GP\reg_screenave.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_acesschk_service.log

(註：%User Temp%フォルダは、現在ログオンしているユーザの一時フォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\＜ユーザー名＞\Local Settings\Temp"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\＜ユーザ名＞\AppData\Local\Temp" です。)

マルウェアは、以下のプロセスを追加します。

"%System%\cmd" /c "%User Temp%\{random characters}.tmp\{random characters}.tmp\{random characters}.bat "{Malware file path}\{Malware file name}""
%System%\cmd.exe /c wmic os get Caption
wmic os get Caption
%System%\cmd.exe /c wmic os get CSDversion
wmic os get CSDversion
%System%\cmd.exe /c wmic os get OSArchitecture
wmic os get OSArchitecture
auditpol /get /category:*
xcopy %Windows%\Tasks {Malware file path}\__{Computer name}_{Computer name}\tasks /s /I /y /h
powershell -NonInteractive -Command "Get-ScheduledTask"
powershell -NonInteractive -Command "Get-ScheduledTask | Get-ScheduledTaskInfo"
powershell -NonInteractive -Command "Get-ScheduledTask | Export-ScheduledTask"
xcopy %System%\winevt {Malware file path}\__{Computer name}_{Computer name}\Evtx\ /H /E /J /Q
ipconfig
systeminfo
ipconfig /displaydns
powershell -NonInteractive -Command "Get-HotFix"
powershell -NonInteractive -Command "Get-LocalUser"
powershell -NonInteractive -Command "Get-LocalGroup"
powershell -NonInteractive -Command "Get-LocalGroupMember Administrators"
wmic /output:"{Malware file path}\__{Computer name}_{Computer name}\wmic.useraccount.log" useraccount list Full
wmic /output:"{Malware file path}\__{Computer name}_{Computer name}\wmic.group.log" group list Full
wmic /output:"{Malware file path}\__{Computer name}_{Computer name}\Installed_Program.log" product list full
powershell -NonInteractive -Command "Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate"
secedit /export /cfg {Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.ini /log {Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.log
secedit /analyze /db {Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.db /cfg {Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.ini /log {Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.log
reg save HKLM\SYSTEM {Malware file path}\__{Computer name}_{Computer name}\Hive\system
reg save HKLM\SECURITY {Malware file path}\__{Computer name}_{Computer name}\Hive\security
reg save HKLM\SAM {Malware file path}\__{Computer name}_{Computer name}\Hive\sam
reg save HKLM\SOFTWARE {Malware file path}\__{Computer name}_{Computer name}\Hive\software
reg save HKCU {Malware file path}\__{Computer name}_{Computer name}\Hive\hkcu
xcopy %Windows%\Prefetch {Malware file path}\__{Computer name}_{Computer name}\Prefetch\ /H /E /J /Q
arp -a
route print
xcopy %System%\drivers\etc\hosts {Malware file path}\__{Computer name}_{Computer name}\HOSTS\ /H /E /J /Q
xcopy %Windows%\inf\setupapi.dev.log {Malware file path}\__{Computer name}_{Computer name}\USB\
xcopy %Windows%\inf\setupapi.app.log {Malware file path}\__{Computer name}_{Computer name}\USB\
xcopy %Windows%\inf\setupapi.offline.log {Malware file path}\__{Computer name}_{Computer name}\USB\
net use /y
net share /y
%System%\net1 share /y
net sessions /list
%System%\net1 sessions /list
net accounts
%System%\net1 accounts
powershell -NonInteractive -Command "Get-NetAdapter | Out-File {Malware file path}\__{Computer name}_{Computer name}\Net\PS_Interface.log"
powershell -NonInteractive -Command " Get-NetIPAddress| Out-File {Malware file path}\__{Computer name}_{Computer name}\Net\PS_InterfaceIP.log"
powershell -NonInteractive -Command "Get-NetConnectionProfile | Out-File {Malware file path}\__{Computer name}_{Computer name}\Net\PS_ConnectionProfile.log"
powershell -NonInter active -Command " Get-NetTCPConnection | Out-File {Malware file path}\__{Computer name}_{Computer name}\Net\PS_Connection.log"
powershell -NonInteractive -Command "Get-Service | Select-Object Name, DisplayName, Status, StartType"
powershell -NonInteractive -Command "Get-CimInstance ??lassName Win32_Service | Select-Object Name, DisplayName,StartMode, State, PathName, StartName, ServiceType"
reg query "HKCU\Control Panel\Desktop"

対応方法

対応検索エンジン: 9.800

初回 VSAPI パターンバージョン 17.794.03

初回 VSAPI パターンリリース日 2022年9月5日

VSAPI OPR パターンバージョン 17.795.00

VSAPI OPR パターンリリース日 2022年9月6日

手順 1

トレンドマイクロの機械学習型検索は、マルウェアの存在を示す兆候が確認された時点で検出し、マルウェアが実行される前にブロックします。機械学習型検索が有効になっている場合、弊社のウイルス対策製品はこのマルウェアを以下の機械学習型検出名として検出します。

Troj.Win32.TRX.XXPE50FFF060

手順 2

Windows 7、Windows 8、Windows 8.1、および Windows 10 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 3

このマルウェアもしくはアドウェア等の実行により、手順中に記載されたすべてのファイル、フォルダおよびレジストリキーや値がコンピュータにインストールされるとは限りません。インストールが不完全である場合の他、オペレーティングシステム（OS）の条件によりインストールがされない場合が考えられます。手順中に記載されたファイル／フォルダ／レジストリ情報が確認されない場合、該当の手順の操作は不要ですので、次の手順に進んでください。

手順 4

以下のファイルを検索し削除します。

[ 詳細 ]

コンポーネントファイルが隠しファイル属性に設定されている場合があります。[詳細設定オプション]をクリックし、[隠しファイルとフォルダの検索]のチェックボックスをオンにし、検索結果に隠しファイルとフォルダが含まれるようにしてください。

%User Temp%\{random characters}.tmp\{random characters}.tmp\{random characters}.bat
{Malware file path}\__{Computer name}_{Computer name}\GP\auditpol.log
{Malware file path}\__{Computer name}_{Computer name}\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SA.DAT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_Task.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskInfo.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskExport.log
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Application.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\DebugChannel.etl
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\HardwareEvents.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Internet Explorer.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Key Management Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Media Center.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CAPI2%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-International%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Known Folders API Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NCSI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-PrintService%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-RestartManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\OAlerts.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Security.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Setup.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\System.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\ThinPrint Diagnostics.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Windows PowerShell.evtx
{Malware file path}\__{Computer name}_{Computer name}\info.txt
{Malware file path}\__{Computer name}_{Computer name}\ipconfig.displaydns.log
{Malware file path}\__{Computer name}_{Computer name}\HotFix.log
{Malware file path}\__{Computer name}_{Computer name}\userinfo.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.useraccount.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.group.log
{Malware file path}\__{Computer name}_{Computer name}\Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\PS_Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.ini
{Malware file path}\__{Computer name}_{Computer name}\C_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\D_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\listdll.log
{Malware file path}\__{Computer name}_{Computer name}\pslist.log
{Malware file path}\__{Computer name}_{Computer name}\handle.log
{Malware file path}\__{Computer name}_{Computer name}\Hive\system
{Malware file path}\__{Computer name}_{Computer name}\Hive\security
{Malware file path}\__{Computer name}_{Computer name}\Hive\sam
{Malware file path}\__{Computer name}_{Computer name}\Hive\software
{Malware file path}\__{Computer name}_{Computer name}\Hive\hkcu
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-C2660688.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-FEB1D86C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ADDINUTIL.EXE-8F48E508.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgAppLaunch.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFaultHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFgAppHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlGlobalHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_P_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgRobust.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AUDIODG.EXE-D0D776AC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BCSSYNC.EXE-E11E559D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BGINFO.EXE-9E555CC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BSPATCH.EXE-6A7B3EA2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CALC.EXE-AC08706A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHRMSTP.EXE-2A1116EB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME.EXE-0548EF22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-98B1510F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-F6621FA9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESTANDALONESETUP[1].EXE-3944B7A7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME_INSTALLER.EXE-AB9EEF8D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CLRGC.EXE-C9F2E9F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CMD.EXE-89305D47.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMPMGMTLAUNCHER.EXE-0BF80059.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMREG.EXE-BE2DC5C3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONHOST.EXE-3218E401.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONSENT.EXE-65F6206D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONTROL.EXE-9459D5A0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CSC.EXE-4EF173D0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CVTRES.EXE-419E4E46.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DEFRAG.EXE-738093E8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DFSVC.EXE-F21F20D2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-71214090.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-893DDF55.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-98F9DD7B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-B878541A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DRVINST.EXE-5F8E77CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DUMPCAP.EXE-2A5B8C13.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\EXPLORER.EXE-7A3328DA.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\FINDSTR.EXE-4176B665.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-0CBA4D22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-1E5C1659.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-427A0127.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-45E34A42.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-D77985DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATEONDEMAND.EXE-6FB0E552.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATESETUP.EXE-469721E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GRPCONV.EXE-CAFD68AE.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HIEW32.EXE-D6994337.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HTTPLOG.EXE-901D1EAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IE4UINIT.EXE-0BC11EF2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IEXPLORE.EXE-1B894AFB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\INSTALLER.EXE-C8BCFA78.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVA.EXE-6C3C2DFD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAW.EXE-39514CA8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAWS.EXE-A1EB6307.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JP2LAUNCHER.EXE-5178D6A9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-3D412F2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-8A54673C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\Layout.ini
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LODCTR.EXE-8DBE540B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LOGONUI.EXE-1BEE4A84.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MMC.EXE-94CB0423.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOFCOMP.EXE-CDA1E783.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPAS-FE.EXE-ACEABF68.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPSIGSTUB.EXE-C23046E2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-C735E247.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-FAA88858.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSDT.EXE-3D8E9353.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSIEXEC.EXE-B5AFA339.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET.EXE-1DF3A2F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET1.EXE-B8A8247B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NETSH.EXE-3DD790C5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NGEN.EXE-DEAF5A03.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NOTEPAD.EXE-EB1B961A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NSBA5C.TMP-688C394D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NTOSBOOT-B00DFAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\OLLYDBG.EXE-1373067B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PCWRUN.EXE-D23AB51E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PfSvPerfStats.bin
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PRINTUI.EXE-E9F4354A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PROCEXP.EXE-58E58AD1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-125D4518.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-1A2DED2F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-29004854.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-77ECDFC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-7DDA7264.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-A29D70BB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-AFD98684.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-C2775519.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNONCE.EXE-E33ED995.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SC.EXE-BC6DAF49.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SDIAGNHOST.EXE-67CD1457.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-9F182B59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-C02DCB51.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-D07E02CF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-F8B4C0C4.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUPUTILITY.EXE-74ED67E3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPOOLSV.EXE-E4D0FF39.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPPSVC.EXE-CBE91656.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-135A30D8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-18D06B2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8DA0BAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8FD92526.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-93CEEE07.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SYSTRACERX32.EXE-9CC57CD5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKENG.EXE-5BAF290C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKHOST.EXE-437C05A8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKMGR.EXE-72398DC0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TCPVIEW.EXE-19A69C12.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNECT.EXE-F29212C1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNSVC.EXE-3F58EC59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPVCGATEWAY.EXE-DBBE6AB9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\UNPACK200.EXE-1F45AE4F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\USBPCAPSETUP-1.1.0.0-G794BF26-DA7EEBDB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VCREDIST_X86.EXE-E7846A26.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDS.EXE-AD27F0DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDSLDR.EXE-85F9A1C6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMTOOLSD.EXE-0AD357E6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMWARETRAY.EXE-1DBB7768.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VSSVC.EXE-04D079CC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WERMGR.EXE-2A1BCBC7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WEVTUTIL.EXE-C09B744F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINPCAP_4_1_3.EXE-CFB61F1C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINRAR.EXE-6F42D4E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINSAT.EXE-F927CE81.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK-WIN32-2.2.0.EXE-40FBE1EF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK.EXE-A9E3CE41.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIADAP.EXE-369DF1CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIC.EXE-B77E8CD6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIPRVSE.EXE-43972D0F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WUAUCLT.EXE-830BCC14.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace4.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace5.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace6.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace7.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace8.fx
{Malware file path}\__{Computer name}_{Computer name}\arp.txt
{Malware file path}\__{Computer name}_{Computer name}\RoutePrint.txt
{Malware file path}\__{Computer name}_{Computer name}\HOSTS\hosts
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.dev.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.app.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.offline.log
{Malware file path}\__{Computer name}_{Computer name}\USB\usb.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.use.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.share.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.session.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.account.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.sec.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service_detail.log
{Malware file path}\__{Computer name}_{Computer name}\ShimCacheParser.log
{Malware file path}\__{Computer name}_{Computer name}\GP\reg_screenave.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_acesschk_service.log

マルウェアのコンポーネントファイルの削除：

Windows 2000、XP および Server 2003 の場合：

[スタート]-[検索]-[ファイルとフォルダすべて]を選択します。
[ファイル名のすべてまたは一部]に以下のファイル名を入力してください。
%User Temp%\{random characters}.tmp\{random characters}.tmp\{random characters}.bat
{Malware file path}\__{Computer name}_{Computer name}\GP\auditpol.log
{Malware file path}\__{Computer name}_{Computer name}\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SA.DAT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_Task.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskInfo.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskExport.log
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Application.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\DebugChannel.etl
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\HardwareEvents.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Internet Explorer.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Key Management Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Media Center.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CAPI2%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-International%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Known Folders API Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NCSI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-PrintService%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-RestartManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\OAlerts.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Security.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Setup.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\System.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\ThinPrint Diagnostics.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Windows PowerShell.evtx
{Malware file path}\__{Computer name}_{Computer name}\info.txt
{Malware file path}\__{Computer name}_{Computer name}\ipconfig.displaydns.log
{Malware file path}\__{Computer name}_{Computer name}\HotFix.log
{Malware file path}\__{Computer name}_{Computer name}\userinfo.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.useraccount.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.group.log
{Malware file path}\__{Computer name}_{Computer name}\Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\PS_Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.ini
{Malware file path}\__{Computer name}_{Computer name}\C_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\D_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\listdll.log
{Malware file path}\__{Computer name}_{Computer name}\pslist.log
{Malware file path}\__{Computer name}_{Computer name}\handle.log
{Malware file path}\__{Computer name}_{Computer name}\Hive\system
{Malware file path}\__{Computer name}_{Computer name}\Hive\security
{Malware file path}\__{Computer name}_{Computer name}\Hive\sam
{Malware file path}\__{Computer name}_{Computer name}\Hive\software
{Malware file path}\__{Computer name}_{Computer name}\Hive\hkcu
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-C2660688.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-FEB1D86C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ADDINUTIL.EXE-8F48E508.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgAppLaunch.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFaultHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFgAppHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlGlobalHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_P_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgRobust.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AUDIODG.EXE-D0D776AC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BCSSYNC.EXE-E11E559D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BGINFO.EXE-9E555CC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BSPATCH.EXE-6A7B3EA2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CALC.EXE-AC08706A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHRMSTP.EXE-2A1116EB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME.EXE-0548EF22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-98B1510F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-F6621FA9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESTANDALONESETUP[1].EXE-3944B7A7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME_INSTALLER.EXE-AB9EEF8D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CLRGC.EXE-C9F2E9F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CMD.EXE-89305D47.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMPMGMTLAUNCHER.EXE-0BF80059.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMREG.EXE-BE2DC5C3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONHOST.EXE-3218E401.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONSENT.EXE-65F6206D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONTROL.EXE-9459D5A0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CSC.EXE-4EF173D0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CVTRES.EXE-419E4E46.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DEFRAG.EXE-738093E8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DFSVC.EXE-F21F20D2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-71214090.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-893DDF55.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-98F9DD7B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-B878541A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DRVINST.EXE-5F8E77CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DUMPCAP.EXE-2A5B8C13.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\EXPLORER.EXE-7A3328DA.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\FINDSTR.EXE-4176B665.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-0CBA4D22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-1E5C1659.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-427A0127.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-45E34A42.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-D77985DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATEONDEMAND.EXE-6FB0E552.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATESETUP.EXE-469721E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GRPCONV.EXE-CAFD68AE.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HIEW32.EXE-D6994337.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HTTPLOG.EXE-901D1EAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IE4UINIT.EXE-0BC11EF2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IEXPLORE.EXE-1B894AFB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\INSTALLER.EXE-C8BCFA78.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVA.EXE-6C3C2DFD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAW.EXE-39514CA8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAWS.EXE-A1EB6307.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JP2LAUNCHER.EXE-5178D6A9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-3D412F2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-8A54673C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\Layout.ini
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LODCTR.EXE-8DBE540B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LOGONUI.EXE-1BEE4A84.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MMC.EXE-94CB0423.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOFCOMP.EXE-CDA1E783.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPAS-FE.EXE-ACEABF68.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPSIGSTUB.EXE-C23046E2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-C735E247.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-FAA88858.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSDT.EXE-3D8E9353.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSIEXEC.EXE-B5AFA339.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET.EXE-1DF3A2F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET1.EXE-B8A8247B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NETSH.EXE-3DD790C5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NGEN.EXE-DEAF5A03.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NOTEPAD.EXE-EB1B961A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NSBA5C.TMP-688C394D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NTOSBOOT-B00DFAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\OLLYDBG.EXE-1373067B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PCWRUN.EXE-D23AB51E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PfSvPerfStats.bin
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PRINTUI.EXE-E9F4354A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PROCEXP.EXE-58E58AD1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-125D4518.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-1A2DED2F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-29004854.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-77ECDFC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-7DDA7264.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-A29D70BB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-AFD98684.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-C2775519.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNONCE.EXE-E33ED995.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SC.EXE-BC6DAF49.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SDIAGNHOST.EXE-67CD1457.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-9F182B59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-C02DCB51.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-D07E02CF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-F8B4C0C4.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUPUTILITY.EXE-74ED67E3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPOOLSV.EXE-E4D0FF39.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPPSVC.EXE-CBE91656.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-135A30D8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-18D06B2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8DA0BAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8FD92526.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-93CEEE07.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SYSTRACERX32.EXE-9CC57CD5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKENG.EXE-5BAF290C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKHOST.EXE-437C05A8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKMGR.EXE-72398DC0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TCPVIEW.EXE-19A69C12.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNECT.EXE-F29212C1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNSVC.EXE-3F58EC59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPVCGATEWAY.EXE-DBBE6AB9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\UNPACK200.EXE-1F45AE4F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\USBPCAPSETUP-1.1.0.0-G794BF26-DA7EEBDB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VCREDIST_X86.EXE-E7846A26.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDS.EXE-AD27F0DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDSLDR.EXE-85F9A1C6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMTOOLSD.EXE-0AD357E6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMWARETRAY.EXE-1DBB7768.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VSSVC.EXE-04D079CC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WERMGR.EXE-2A1BCBC7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WEVTUTIL.EXE-C09B744F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINPCAP_4_1_3.EXE-CFB61F1C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINRAR.EXE-6F42D4E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINSAT.EXE-F927CE81.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK-WIN32-2.2.0.EXE-40FBE1EF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK.EXE-A9E3CE41.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIADAP.EXE-369DF1CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIC.EXE-B77E8CD6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIPRVSE.EXE-43972D0F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WUAUCLT.EXE-830BCC14.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace4.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace5.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace6.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace7.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace8.fx
{Malware file path}\__{Computer name}_{Computer name}\arp.txt
{Malware file path}\__{Computer name}_{Computer name}\RoutePrint.txt
{Malware file path}\__{Computer name}_{Computer name}\HOSTS\hosts
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.dev.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.app.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.offline.log
{Malware file path}\__{Computer name}_{Computer name}\USB\usb.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.use.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.share.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.session.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.account.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.sec.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service_detail.log
{Malware file path}\__{Computer name}_{Computer name}\ShimCacheParser.log
{Malware file path}\__{Computer name}_{Computer name}\GP\reg_screenave.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_acesschk_service.log
[探す場所]の一覧から[マイコンピュータ]を選択し、[検索]を押します。
検索が終了したら、ファイルを選択し、SHIFT+DELETE を押します。これにより、ファイルが完全に削除されます。
註：ファイル名の入力欄のタイトルは、Windowsのバージョンによって異なります。（例：ファイルやフォルダ名の検索の場合やファイル名のすべてまたは一部での検索）

Windows Vista、7、Server 2008、8、8.1 および Server 2012 の場合：

Windowsエクスプローラ画面を開きます。
- Windows Vista、7 および Server 2008 の場合：
  - [スタート]-[コンピューター]を選択します。
- Windows 8、8.1 および Server 2012 の場合：
  - 画面の左下隅を右クリックし、[エクスプローラー]を選択します。
[コンピューターの検索]に、以下を入力します。
%User Temp%\{random characters}.tmp\{random characters}.tmp\{random characters}.bat
{Malware file path}\__{Computer name}_{Computer name}\GP\auditpol.log
{Malware file path}\__{Computer name}_{Computer name}\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SA.DAT
{Malware file path}\__{Computer name}_{Computer name}\tasks\SCHEDLGU.TXT
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_Task.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskInfo.log
{Malware file path}\__{Computer name}_{Computer name}\tasks\PS_TaskExport.log
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Application.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\DebugChannel.etl
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\HardwareEvents.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Internet Explorer.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Key Management Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Media Center.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CAPI2%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-International%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Known Folders API Service.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-MUI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NCSI%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-PrintService%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-RestartManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\OAlerts.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Security.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Setup.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\System.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\ThinPrint Diagnostics.evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs\Windows PowerShell.evtx
{Malware file path}\__{Computer name}_{Computer name}\info.txt
{Malware file path}\__{Computer name}_{Computer name}\ipconfig.displaydns.log
{Malware file path}\__{Computer name}_{Computer name}\HotFix.log
{Malware file path}\__{Computer name}_{Computer name}\userinfo.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.useraccount.log
{Malware file path}\__{Computer name}_{Computer name}\wmic.group.log
{Malware file path}\__{Computer name}_{Computer name}\Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\PS_Installed_Program.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.log
{Malware file path}\__{Computer name}_{Computer name}\GP\{Computer name}.gp.ini
{Malware file path}\__{Computer name}_{Computer name}\C_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\D_file_a.s.tc.q.log
{Malware file path}\__{Computer name}_{Computer name}\listdll.log
{Malware file path}\__{Computer name}_{Computer name}\pslist.log
{Malware file path}\__{Computer name}_{Computer name}\handle.log
{Malware file path}\__{Computer name}_{Computer name}\Hive\system
{Malware file path}\__{Computer name}_{Computer name}\Hive\security
{Malware file path}\__{Computer name}_{Computer name}\Hive\sam
{Malware file path}\__{Computer name}_{Computer name}\Hive\software
{Malware file path}\__{Computer name}_{Computer name}\Hive\hkcu
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-C2660688.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\55.0.2859.0_CHROME_INSTALLER.-FEB1D86C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ADDINUTIL.EXE-8F48E508.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgAppLaunch.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFaultHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlFgAppHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlGlobalHistory.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_P_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgGlUAD_S-1-5-21-3129151729-2737224167-1243983807-1000.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AgRobust.db
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\AUDIODG.EXE-D0D776AC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BCSSYNC.EXE-E11E559D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BGINFO.EXE-9E555CC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\BSPATCH.EXE-6A7B3EA2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CALC.EXE-AC08706A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHRMSTP.EXE-2A1116EB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME.EXE-0548EF22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-98B1510F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESETUP.EXE-F6621FA9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROMESTANDALONESETUP[1].EXE-3944B7A7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CHROME_INSTALLER.EXE-AB9EEF8D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CLRGC.EXE-C9F2E9F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CMD.EXE-89305D47.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMPMGMTLAUNCHER.EXE-0BF80059.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\COMREG.EXE-BE2DC5C3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONHOST.EXE-3218E401.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONSENT.EXE-65F6206D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CONTROL.EXE-9459D5A0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CSC.EXE-4EF173D0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\CVTRES.EXE-419E4E46.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DEFRAG.EXE-738093E8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DFSVC.EXE-F21F20D2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-71214090.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-893DDF55.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-98F9DD7B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DLLHOST.EXE-B878541A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DRVINST.EXE-5F8E77CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\DUMPCAP.EXE-2A5B8C13.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\EXPLORER.EXE-7A3328DA.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\FINDSTR.EXE-4176B665.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-0CBA4D22.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-1E5C1659.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-427A0127.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-45E34A42.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATE.EXE-D77985DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATEONDEMAND.EXE-6FB0E552.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GOOGLEUPDATESETUP.EXE-469721E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\GRPCONV.EXE-CAFD68AE.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HIEW32.EXE-D6994337.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\HTTPLOG.EXE-901D1EAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IE4UINIT.EXE-0BC11EF2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\IEXPLORE.EXE-1B894AFB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\INSTALLER.EXE-C8BCFA78.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVA.EXE-6C3C2DFD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAW.EXE-39514CA8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JAVAWS.EXE-A1EB6307.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JP2LAUNCHER.EXE-5178D6A9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-3D412F2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\JRE-8U101-WINDOWS-I586.EXE-8A54673C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\Layout.ini
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LODCTR.EXE-8DBE540B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\LOGONUI.EXE-1BEE4A84.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MMC.EXE-94CB0423.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MOFCOMP.EXE-CDA1E783.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPAS-FE.EXE-ACEABF68.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MPSIGSTUB.EXE-C23046E2.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-C735E247.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSCORSVW.EXE-FAA88858.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSDT.EXE-3D8E9353.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\MSIEXEC.EXE-B5AFA339.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET.EXE-1DF3A2F6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NET1.EXE-B8A8247B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NETSH.EXE-3DD790C5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NGEN.EXE-DEAF5A03.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NOTEPAD.EXE-EB1B961A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NSBA5C.TMP-688C394D.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\NTOSBOOT-B00DFAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\OLLYDBG.EXE-1373067B.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PCWRUN.EXE-D23AB51E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PfSvPerfStats.bin
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PRINTUI.EXE-E9F4354A.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\PROCEXP.EXE-58E58AD1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-125D4518.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-1A2DED2F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-29004854.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-77ECDFC8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-7DDA7264.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-A29D70BB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-AFD98684.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNDLL32.EXE-C2775519.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\RUNONCE.EXE-E33ED995.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SC.EXE-BC6DAF49.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SDIAGNHOST.EXE-67CD1457.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-9F182B59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-C02DCB51.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-D07E02CF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUP.EXE-F8B4C0C4.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SETUPUTILITY.EXE-74ED67E3.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPOOLSV.EXE-E4D0FF39.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SPPSVC.EXE-CBE91656.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-135A30D8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-18D06B2E.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8DA0BAAD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-8FD92526.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SVCHOST.EXE-93CEEE07.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\SYSTRACERX32.EXE-9CC57CD5.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKENG.EXE-5BAF290C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKHOST.EXE-437C05A8.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TASKMGR.EXE-72398DC0.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TCPVIEW.EXE-19A69C12.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNECT.EXE-F29212C1.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPAUTOCONNSVC.EXE-3F58EC59.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TPVCGATEWAY.EXE-DBBE6AB9.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\UNPACK200.EXE-1F45AE4F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\USBPCAPSETUP-1.1.0.0-G794BF26-DA7EEBDB.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VCREDIST_X86.EXE-E7846A26.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDS.EXE-AD27F0DC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VDSLDR.EXE-85F9A1C6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMTOOLSD.EXE-0AD357E6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VMWARETRAY.EXE-1DBB7768.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\VSSVC.EXE-04D079CC.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WERMGR.EXE-2A1BCBC7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WEVTUTIL.EXE-C09B744F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINPCAP_4_1_3.EXE-CFB61F1C.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINRAR.EXE-6F42D4E7.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WINSAT.EXE-F927CE81.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK-WIN32-2.2.0.EXE-40FBE1EF.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WIRESHARK.EXE-A9E3CE41.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIADAP.EXE-369DF1CD.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIC.EXE-B77E8CD6.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WMIPRVSE.EXE-43972D0F.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\WUAUCLT.EXE-830BCC14.pf
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace4.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace5.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace6.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace7.fx
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot\Trace8.fx
{Malware file path}\__{Computer name}_{Computer name}\arp.txt
{Malware file path}\__{Computer name}_{Computer name}\RoutePrint.txt
{Malware file path}\__{Computer name}_{Computer name}\HOSTS\hosts
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.dev.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.app.log
{Malware file path}\__{Computer name}_{Computer name}\USB\setupapi.offline.log
{Malware file path}\__{Computer name}_{Computer name}\USB\usb.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.use.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.share.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.session.log
{Malware file path}\__{Computer name}_{Computer name}\Net\net.account.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_psservice.sec.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_PS_service_detail.log
{Malware file path}\__{Computer name}_{Computer name}\ShimCacheParser.log
{Malware file path}\__{Computer name}_{Computer name}\GP\reg_screenave.log
{Malware file path}\__{Computer name}_{Computer name}\{Computer name}_acesschk_service.log
ファイルが表示されたら、そのファイルを選択し、SHIFT+DELETE を押します。これにより、ファイルが完全に削除されます。
註：Windows 7 において上記の手順が正しく行われない場合、マイクロソフトのWebサイトをご確認ください。

手順 5

以下のフォルダを検索し削除します。

[ 詳細 ]

註：このフォルダは、隠しフォルダとして設定されている場合があります。[詳細設定オプション]をクリックし、[隠しファイルとフォルダの検索]のチェックボックスをオンにし、検索結果に隠しファイルとフォルダが含まれるようにしてください。

{Malware file path}\__{Computer name}_{Computer name}
{Malware file path}\__{Computer name}_{Computer name}\C_MFT
{Malware file path}\__{Computer name}_{Computer name}\D_MFT
{Malware file path}\__{Computer name}_{Computer name}\Evtx
{Malware file path}\__{Computer name}_{Computer name}\Evtx\Logs
{Malware file path}\__{Computer name}_{Computer name}\Evtx\TraceFormat
{Malware file path}\__{Computer name}_{Computer name}\GP
{Malware file path}\__{Computer name}_{Computer name}\GP
{Malware file path}\__{Computer name}_{Computer name}\HOSTS
{Malware file path}\__{Computer name}_{Computer name}\Hive
{Malware file path}\__{Computer name}_{Computer name}\Net
{Malware file path}\__{Computer name}_{Computer name}\Prefetch
{Malware file path}\__{Computer name}_{Computer name}\Prefetch\ReadyBoot
{Malware file path}\__{Computer name}_{Computer name}\USB
{Malware file path}\__{Computer name}_{Computer name}\tasks

手順 6

最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「Trojan.Win32.BOXTER.REI」と検出したファイルはすべて削除してください。検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

ご利用はいかがでしたか？　アンケートにご協力ください