Trojan:Win32/Kovter.C virus [memo]
 
● Police-lock ransomware
● Click fraud
 
 
14f26b716b70aeab3f262ff3b5922537
e621244066f5fd0bad733bbec8e2b751
Trojan:Win32/Kovter.E
Trojan:Win32/Kovter.D
Trojan:Win32/Kovter.C
Trojan:Win32/Kovter.B
Trojan:Win32/Kovter.A
Behavior:Win32/Kovter.A
File
C:\Users\[username]\AppData\Local\Microsoft\{590455eb-3250-f043-a5fe-1e9929f89d65}\{590455eb-3250-f043-a5fe-1e9929f89d65}.exe
Registry
HKLM\Software\9BE90650\1 = C:\Users\[username]\AppData\Local\Microsoft\{590455eb-3250-f043-a5fe-1e9929f89d65}\{590455eb-3250-f043-a5fe-1e9929f89d65}.exe
HKLM\Software\9BE90650\2 = 510
HKLM\Software\9BE90650\3 = 0379A6E24571790C
HKLM\Software\9BE90650\4 = 1413465057
HKLM\Software\9BE90650\5 = Mozilla/5.0 (compatible; MSIE *.*; Windows NT *.*; Trident/6.0)

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\{590455eb-3250-f043-a5fe-1e9929f89d65} = "C:\Users\[username]\AppData\Local\Microsoft\{590455eb-3250-f043-a5fe-1e9929f89d65}\{590455eb-3250-f043-a5fe-1e9929f89d65}.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\{590455eb-3250-f043-a5fe-1e9929f89d65} = "C:\Users\[username]\AppData\Local\Microsoft\{590455eb-3250-f043-a5fe-1e9929f89d65}\{590455eb-3250-f043-a5fe-1e9929f89d65}.exe"

HKCU\Software\9BE90650\1 = C:\Users\[username]\AppData\Local\Microsoft\{590455eb-3250-f043-a5fe-1e9929f89d65}\{590455eb-3250-f043-a5fe-1e9929f89d65}.exe
HKCU\Software\9BE90650\2 = 510
HKCU\Software\9BE90650\3 = 0379A6E24571790C
HKCU\Software\9BE90650\4 = 1413465057
HKCU\Software\9BE90650\5 = Mozilla/5.0 (compatible; MSIE *.*; Windows NT *.*; Trident/6.0)
Network
fifth-chance[.]info/9/form.php
heavysize[.]net/9/feed.php
 
search-info[.]pw/search/index.html?q=
204.27.56[.]91/feed1/click?aff=10123&saff=510&cid=
216.172.63[.]56/feed5/click?aff=10123&saff=510&cid=