TROJ_KOVTER.EH

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

マルウェアは、実行後、自身を削除します。

侵入方法

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

マルウェアは、以下のフォルダを作成します。

• %Application Data%\oryni
• %System Root%\_116296_
• %System Root%\fc6bd29b592a57da2c91c8c37f
• %System Root%\fc6bd29b592a57da2c91c8c37f\update

(註：%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming" です。.. %System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.)

他のシステム変更

マルウェアは、以下のレジストリキーを追加します。

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION

HKEY_CURRENT_USER\Software\qanz

HKEY_LOCAL_MACHINE\SOFTWARE\qanz

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate\
OSUpgrade

HKEY_LOCAL_MACHINE\SOFTWARE\168915E32FFACDFFC71

HKEY_LOCAL_MACHINE\SOFTWARE\75C3C684B14F46FD00CF

マルウェアは、以下のレジストリ値を追加します。

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
regsvr32.exe = "22b8"

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
iexplore.exe = "22b8"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
regsvr32.exe = "22b8"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
iexplore.exe = "22b8"

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
zojewbdazo = "{random characters}"

HKEY_CURRENT_USER\Software\qanz
zojewbdazo = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate
DisableOSUpgrade = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate\
OSUpgrade
ReservationsAllowed = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
ltpxeirzlt = "cm4XipI8AAz/xQ=="

HKEY_CURRENT_USER\Software\qanz
ltpxeirzlt = "eWxA3pI8WC00mQ=="

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
bjtkim = "cDgW25AxBWkstH9gsGWts+aDT/NqB50="

HKEY_CURRENT_USER\Software\qanz
bjtkim = "dmoQjJVpBVPQyWH9VZdf0l75bfbFiHA="

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
eljz = "IjpDip8xB1gDy2+sBrwkrwc="

HKEY_CURRENT_USER\Software\qanz
eljz = "d2tAi5JrUjqJadlsX/37430="

HKEY_LOCAL_MACHINE\SOFTWARE\qanz
kqdg = "{random characters}"

HKEY_CURRENT_USER\Software\qanz
kqdg = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\168915E32FFACDFFC71
B165E8B90B63CB3CC8 = "B165E8B90B63CB3CC8"

HKEY_LOCAL_MACHINE\SOFTWARE\75C3C684B14F46FD00CF
327D3FC85D1E1A214 = "327D3FC85D1E1A214"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Setup
LogLevel = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Setup
LogLevel = "0"

マルウェアは、以下のレジストリ値を変更します。

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\3
1206 = "0"

(註：変更前の上記レジストリ値は、「3」となります。)

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\3
2300 = "0"

(註：変更前の上記レジストリ値は、「1」となります。)

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\3
1809 = "3"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\1
1206 = "0"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\1
2300 = "0"

(註：変更前の上記レジストリ値は、「1」となります。)

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings\
Zones\1
1809 = "3"

(註：変更前の上記レジストリ値は、「3」となります。)

マルウェアは、以下のレジストリキーを削除します。

HKEY_LOCAL_MACHINE\SOFTWARE

作成活動

マルウェアは、以下のファイルを作成します。

• %Application Data%\oryni\oryni.exe
• %User Temp%\WindowsXP-KB968930-x86-ENG.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\eventforwarding.adm
• %System Root%\fc6bd29b592a57da2c91c8c37f\windowsremotemanagement.adm
• %System Root%\fc6bd29b592a57da2c91c8c37f\windowsremoteshell.adm
• %System Root%\fc6bd29b592a57da2c91c8c37f\windowspowershellhelp.chm
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrm.cmd
• %System Root%\fc6bd29b592a57da2c91c8c37f\compiledcomposition.microsoft.powershell.gpowershell.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.backgroundintelligenttransfer.management.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.backgroundintelligenttransfer.management.interop.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.backgroundintelligenttransfer.management.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.diagnostics.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.diagnostics.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.management.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.management.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.utility.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.utility.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.consolehost.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.consolehost.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.editor.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.editor.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.gpowershell.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.gpowershell.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.graphicalhost.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.graphicalhost.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.security.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.security.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.wsman.management.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.wsman.management.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.wsman.runtime.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\powershell_ise.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\pspluginwkr.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\pwrshmsg.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\pwrshplugin.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\pwrshsip.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\spmsg.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\system.management.automation.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\system.management.automation.resources.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\wevtfwd.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrmprov.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrscmd.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrsmgr.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrssrv.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmauto.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmplpxy.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmres.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmsvc.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmwmipl.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\powershell.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\powershell_ise.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\pscustomsetuputil.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\pssetupnativeutils.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\spuninst.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\spupdsvc.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrs.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrshost.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmanhttpconfig.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmprovhost.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\wtrinstaller.ico
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrm.ini
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrmprov.mof
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmauto.mof
• %System Root%\fc6bd29b592a57da2c91c8c37f\powershell.exe.mui
• %System Root%\fc6bd29b592a57da2c91c8c37f\profile.ps1
• %System Root%\fc6bd29b592a57da2c91c8c37f\bitstransfer.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\certificate.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\diagnostics.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\dotnettypes.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\filesystem.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\getevent.types.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\help.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\powershellcore.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\powershelltrace.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\registry.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\types.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsman.format.ps1xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\bitstransfer.psd1
• %System Root%\fc6bd29b592a57da2c91c8c37f\importallmodules.psd1
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_aliases.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_arithmetic_operators.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_arrays.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_assignment_operators.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_automatic_variables.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_bits_cmdlets.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_break.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_command_precedence.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_command_syntax.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_comment_based_help.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_commonparameters.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_comparison_operators.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_continue.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_core_commands.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_data_sections.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_debuggers.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_do.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_environment_variables.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_escape_characters.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_eventlogs.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_execution_policies.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_for.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_foreach.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_format.ps1xml.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_functions.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_functions_advanced.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_functions_advanced_methods.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_functions_advanced_parameters.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_functions_cmdletbindingattribute.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_hash_tables.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_history.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_if.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_job_details.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_jobs.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_join.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_language_keywords.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_line_editing.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_locations.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_logical_operators.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_methods.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_modules.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_objects.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_operators.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_parameters.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_parsing.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_path_syntax.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_pipelines.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_preference_variables.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_profiles.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_prompts.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_properties.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_providers.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_pssession_details.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_pssessions.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_pssnapins.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_quoting_rules.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_redirection.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_ref.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_regular_expressions.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_remote.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_remote_faq.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_remote_jobs.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_remote_output.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_remote_requirements.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_remote_troubleshooting.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_requires.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_reserved_words.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_return.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_scopes.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_script_blocks.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_script_internationalization.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_scripts.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_session_configurations.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_signing.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_special_characters.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_split.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_switch.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_throw.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_transactions.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_trap.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_try_catch_finally.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_type_operators.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_types.ps1xml.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_variables.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_while.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_wildcards.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_windows_powershell_2.0.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_windows_powershell_ise.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_wmi_cmdlets.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\about_ws-management_cmdlets.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\default.help.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\winrm.vbs
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.backgroundintelligenttransfer.management.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.diagnostics.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.management.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.commands.utility.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.consolehost.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.powershell.security.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\microsoft.wsman.management.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\system.management.automation.dll-help.xml
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmpty.xsl
• %System Root%\fc6bd29b592a57da2c91c8c37f\wsmtxt.xsl
• %System Root%\fc6bd29b592a57da2c91c8c37f\update\kb968930xp.cat
• %System Root%\fc6bd29b592a57da2c91c8c37f\update\spcustom.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\update\updspapi.dll
• %System Root%\fc6bd29b592a57da2c91c8c37f\update\update.exe
• %System Root%\fc6bd29b592a57da2c91c8c37f\update\update.inf
• %System Root%\fc6bd29b592a57da2c91c8c37f\update\eula.txt
• %System Root%\fc6bd29b592a57da2c91c8c37f\update\update.ver
• %System Root%\fc6bd29b592a57da2c91c8c37f\$shtdwn$.req

その他

マルウェアは、以下の不正なWebサイトにアクセスします。

• http://{BLOCKED}7.72.90
• http://{BLOCKED}7.72.90/{random path}
• {BLOCKED}5.65.47
• {BLOCKED}9.24.26
• {BLOCKED}7.47.86
• {BLOCKED}9.59.190
• {BLOCKED}2.235.92
• {BLOCKED}.29.187
• {BLOCKED}1.12.101
• {BLOCKED}9.115.63
• {BLOCKED}9.213.197
• {BLOCKED}.183.24
• {BLOCKED}.158.49
• {BLOCKED}.228.115
• {BLOCKED}.242.184
• {BLOCKED}6.137.122
• {BLOCKED}.229.107
• {BLOCKED}.143.54
• {BLOCKED}.139.130
• {BLOCKED}.29.60
• {BLOCKED}.116.245
• {BLOCKED}6.86.1
• {BLOCKED}236.42
• {BLOCKED}10.102
• {BLOCKED}148.49
• {BLOCKED}0.100.130
• {BLOCKED}.36.250
• {BLOCKED}3.214.109
• {BLOCKED}5.36.134
• {BLOCKED}.197.200
• {BLOCKED}.68.6
• {BLOCKED}17.129
• {BLOCKED}1.117.93
• {BLOCKED}29.158
• {BLOCKED}.28.16
• {BLOCKED}.156.147
• {BLOCKED}1.13.18
• {BLOCKED}.121.66
• {BLOCKED}7.161.244
• {BLOCKED}118.240
• {BLOCKED}5.8.106
• {BLOCKED}8.82.101
• {BLOCKED}.201.213
• {BLOCKED}.253.74
• {BLOCKED}135.247
• {BLOCKED}.132.140
• {BLOCKED}119.172
• {BLOCKED}.170.250
• {BLOCKED}7.74.160
• {BLOCKED}.29.46
• {BLOCKED}.247.220
• {BLOCKED}.69.196
• {BLOCKED}5.253.15
• {BLOCKED}.56.45
• {BLOCKED}126.17
• {BLOCKED}.132.42
• {BLOCKED}3.255
• {BLOCKED}3.88.89
• {BLOCKED}.132.60
• {BLOCKED}.251.24
• {BLOCKED}.5.161
• {BLOCKED}4.49.241
• {BLOCKED}5.104.30
• {BLOCKED}5.54.217
• {BLOCKED}55.117
• {BLOCKED}0.4.224
• {BLOCKED}.82.157
• {BLOCKED}8.172.250
• {BLOCKED}5.21.43
• {BLOCKED}.123.228
• {BLOCKED}9.96.6
• {BLOCKED}.75.176
• {BLOCKED}41.117
• {BLOCKED}7.129.172
• {BLOCKED}.169.202
• {BLOCKED}5.189.3
• {BLOCKED}.67.69
• {BLOCKED}1.165.160
• {BLOCKED}0.71.130
• {BLOCKED}.151.104
• {BLOCKED}6.114.86
• {BLOCKED}.105.5
• {BLOCKED}.129.154
• {BLOCKED}.12.110
• {BLOCKED}9.180.153
• {BLOCKED}.194.255
• {BLOCKED}.242.175
• {BLOCKED}4.204.189
• {BLOCKED}.247.43
• {BLOCKED}.105.19
• {BLOCKED}.199.242
• {BLOCKED}2.45.95
• {BLOCKED}5.188
• {BLOCKED}.22.248
• {BLOCKED}.21.109
• {BLOCKED}3.200.165
• {BLOCKED}.244.103
• {BLOCKED}.140.12
• {BLOCKED}.21.69
• {BLOCKED}3.141.69
• {BLOCKED}1.119.23
• {BLOCKED}163.132
• {BLOCKED}3.84.178
• {BLOCKED}.80.77
• {BLOCKED}5.229.159
• {BLOCKED}.141.204
• {BLOCKED}.246.217
• {BLOCKED}.209.91
• {BLOCKED}4.142.57
• {BLOCKED}.48.167
• {BLOCKED}9.175
• {BLOCKED}251.122
• {BLOCKED}3.187.44
• {BLOCKED}1.181
• {BLOCKED}.20.221
• {BLOCKED}0.58.6
• {BLOCKED}.245.185
• {BLOCKED}.42.24
• {BLOCKED}2.141.135
• {BLOCKED}70.52
• {BLOCKED}.68.67
• {BLOCKED}.140.89
• {BLOCKED}.246.161
• {BLOCKED}.186.92
• {BLOCKED}2.168.1
• {BLOCKED}7.60.187
• {BLOCKED}.184.28
• {BLOCKED}160.225
• {BLOCKED}.67.129
• {BLOCKED}.173.252
• {BLOCKED}6.128.207
• {BLOCKED}8.205.218
• {BLOCKED}8.83.179
• {BLOCKED}89.160
• {BLOCKED}2.34.20
• {BLOCKED}.23.182
• {BLOCKED}.142.231
• {BLOCKED}.217.10
• {BLOCKED}.72.11
• {BLOCKED}1.191.171
• {BLOCKED}233.195
• {BLOCKED}.117.118
• {BLOCKED}0.122.53
• {BLOCKED}.249.107
• {BLOCKED}165.193
• {BLOCKED}7.231.17
• {BLOCKED}0.79.12
• {BLOCKED}.226.172
• {BLOCKED}2.235.117
• {BLOCKED}2.1.116
• {BLOCKED}1.226.218
• {BLOCKED}3.91.17
• {BLOCKED}6.64.107
• {BLOCKED}.8.9
• {BLOCKED}4.85.21
• {BLOCKED}.172.31
• {BLOCKED}.214.134
• {BLOCKED}.72.37
• {BLOCKED}5.140.248
• {BLOCKED}.204.73
• {BLOCKED}63.224
• {BLOCKED}.204.120
• {BLOCKED}.95.125
• {BLOCKED}0.29.130
• {BLOCKED}160.149
• {BLOCKED}106.81
• {BLOCKED}0.2.23
• {BLOCKED}2.34.190
• {BLOCKED}6.116.53
• {BLOCKED}6.91.22
• {BLOCKED}2.171.163
• {BLOCKED}8.238.188
• {BLOCKED}4.101.200
• {BLOCKED}0.237.12
• {BLOCKED}6.182.53
• {BLOCKED}.240.94
• {BLOCKED}184.158
• {BLOCKED}52.224
• {BLOCKED}.182.134
• {BLOCKED}7.232.247
• {BLOCKED}.134.38
• {BLOCKED}.12.4
• {BLOCKED}2.158.212
• {BLOCKED}3.164.123
• {BLOCKED}7.159.73
• {BLOCKED}.165.23
• {BLOCKED}6.170.99
• {BLOCKED}2.151.6
• {BLOCKED}.70.113
• {BLOCKED}4.63.174
• {BLOCKED}.148.74
• {BLOCKED}.49.20
• {BLOCKED}9.50.14
• {BLOCKED}0.212.126
• {BLOCKED}105.79
• {BLOCKED}248.22
• {BLOCKED}1.163.174
• {BLOCKED}.6.125
• {BLOCKED}1.18.15
• {BLOCKED}185.29
• {BLOCKED}4.95.134
• {BLOCKED}.64.65
• {BLOCKED}.165.247
• {BLOCKED}.70.96
• {BLOCKED}.230.70
• {BLOCKED}.148.151
• {BLOCKED}.129.65
• {BLOCKED}193.219
• {BLOCKED}29.141
• {BLOCKED}6.234.62
• {BLOCKED}.2.161
• {BLOCKED}.47.84
• {BLOCKED}5.15.253
• {BLOCKED}6.31.253
• {BLOCKED}9.119.10
• {BLOCKED}.228.161
• {BLOCKED}114.165
• {BLOCKED}.135.34
• {BLOCKED}.160.233
• {BLOCKED}.80.196
• {BLOCKED}25.30
• {BLOCKED}1.124.10
• {BLOCKED}243.87
• {BLOCKED}30.34
• {BLOCKED}9.119.5
• {BLOCKED}2.250.23
• {BLOCKED}64.164
• {BLOCKED}6.200.63
• {BLOCKED}.175.141
• {BLOCKED}171.213
• {BLOCKED}.51.149
• {BLOCKED}.13.178
• {BLOCKED}99.177
• {BLOCKED}172.85
• {BLOCKED}6.107.37
• {BLOCKED}186.211

マルウェアは、実行後、自身を削除します。

このウイルス情報は、自動解析システムにより作成されました。