HoneyWhales nested

カテゴリ	時刻	プロセス	対象	Type
(絞り込み) データがありません
file	04/25 16:11:49	C:\Program Files\Internet Explorer\IEXPLORE.EXE	C:\9keq8k.exe	-
process	04/25 16:11:50	C:\Program Files\Internet Explorer\IEXPLORE.EXE	C:\9keq8k.exe	-
registry	04/25 16:11:49	C:\9keq8k.exe	HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKLM\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable	-
registry	04/25 16:11:50	C:\9keq8k.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings	-
file	04/25 16:11:49	C:\9keq8k.exe	C:\Documents and Settings\******\デスクトップ\abc	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\WINDOWS\Temp\Cab1.tmp	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\284F55C41A1A7A3F8328D4C262FB376ED6096F24	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\284F55C41A1A7A3F8328D4C262FB376ED6096F24\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\273EE12457FDC4F90C55E82B56167F62F532E547	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\273EE12457FDC4F90C55E82B56167F62F532E547\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24BA6D6C8A5B5837A48DB5FAE919EA675C94D217	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24BA6D6C8A5B5837A48DB5FAE919EA675C94D217\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\209900B63D955728140CD13622D8C687A4EB0085	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\209900B63D955728140CD13622D8C687A4EB0085\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F55E8839BAC30728BE7108EDE7B0BB0D3298224	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\WINDOWS\Temp\Tar2.tmp	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F55E8839BAC30728BE7108EDE7B0BB0D3298224\Blob	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\WINDOWS\Temp\Tar2.tmp	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0483ED3399AC3608058722EDBC5E4600E3BEF9D7	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0483ED3399AC3608058722EDBC5E4600E3BEF9D7\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099\Blob	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0048F8D37B153F6EA2798C323EF4F318A5624A9E	-
registry	04/25 16:11:52	C:\9keq8k.exe	HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0048F8D37B153F6EA2798C323EF4F318A5624A9E\Blob	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\WINDOWS\Temp\Cab1.tmp	-
file	04/25 16:11:53	C:\9keq8k.exe	C:\WINDOWS\Temp\Tar2.tmp	-
file	04/25 16:11:58	C:\WINDOWS\system32\lsass.exe	C:\Documents and Settings\******\Application Data\Microsoft\Protect\S-1-5-21-507921405-1844237615-839522115-1003\5a0aac21-56c3-4696-a010-9f43370ad4d9	-
file	04/25 16:11:58	C:\WINDOWS\system32\lsass.exe	C:\Documents and Settings\******\Application Data\Microsoft\Protect\S-1-5-21-507921405-1844237615-839522115-1003\Preferred	-
file	04/25 16:11:58	C:\9keq8k.exe	C:\Documents and Settings\******\Application Data\Microsoft\Crypto\RSA\S-1-5-21-507921405-1844237615-839522115-1003\f95e4360f287f2891952b8d82f744c9b_387ea055-bdc5-4c1c-9713-f61c1e6b77f9	-
file	04/25 16:11:58	C:\9keq8k.exe	C:\WINDOWS\Temp\3.tmp	-
process	04/25 16:12:01	C:\9keq8k.exe	C:\WINDOWS\system32\regsvr32.exe	-
file	04/25 16:12:02	C:\WINDOWS\system32\regsvr32.exe	C:\Documents and Settings\******\デスクトップ\abc	-
registry	04/25 16:12:02	C:\WINDOWS\system32\regsvr32.exe	HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations	-
file	04/25 16:12:02	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\Temp\4.tmp	-
process	04/25 16:12:01	C:\Program Files\Internet Explorer\IEXPLORE.EXE	C:\9keq8k.exe	-
process	04/25 16:12:06	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\system32\regsvr32.exe	-
file	04/25 16:12:05	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\Temp\5.tmp	-
file	04/25 16:12:05	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\system32\spool\prtprocs\w32x86\6.tmp	-
file	04/25 16:12:05	C:\WINDOWS\system32\spoolsv.exe	C:\WINDOWS\system32\abc	-
file	04/25 16:12:08	C:\WINDOWS\system32\regsvr32.exe	C:\Documents and Settings\******\デスクトップ\abc	-
file	04/25 16:12:08	C:\WINDOWS\system32\spoolsv.exe	C:\WINDOWS\system32\abc	-
process	04/25 16:12:05	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\system32\regsvr32.exe	-
file	04/25 16:12:08	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\system32\spool\prtprocs\w32x86\6.tmp	-
file	04/25 16:12:09	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\Temp\5.tmp	-
file	04/25 16:12:09	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\Temp\7.tmp	-
file	04/25 16:12:10	C:\WINDOWS\system32\regsvr32.exe	C:\WINDOWS\system32\spool\prtprocs\w32x86\8.tmp	-
file	04/25 16:12:11	C:\WINDOWS\system32\spoolsv.exe	C:\WINDOWS\system32\abc	-
file	04/25 16:12:11	C:\WINDOWS\system32\spoolsv.exe	C:\WINDOWS\Temp\9.tmp	-
file	04/25 16:12:11	C:\WINDOWS\system32\services.exe	C:\WINDOWS\system32\config\system.LOG	-
file	04/25 16:12:11	C:\WINDOWS\system32\services.exe	C:\WINDOWS\system32\config	-
file	04/25 16:12:11	C:\WINDOWS\system32\services.exe	C:\WINDOWS\system32\config\system.LOG	-
file	04/25 16:12:11	C:\WINDOWS\system32\services.exe	C:\WINDOWS\system32\config	-
file	04/25 16:12:11	C:\WINDOWS\system32\services.exe	C:\WINDOWS\system32\config\system.LOG	-
file	04/25 16:12:11	C:\WINDOWS\system32\services.exe	C:\WINDOWS\system32\config	-
file	04/25 16:12:11	C:\WINDOWS\system32\services.exe	C:\WINDOWS\system32\config\system	-

file

04/25 16:11:49

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\9keq8k.exe

-

process

04/25 16:11:50

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\9keq8k.exe

-

registry

04/25 16:11:49

C:\9keq8k.exe

HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKLM\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable

-

registry

04/25 16:11:50

C:\9keq8k.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

-

file

04/25 16:11:49

C:\9keq8k.exe

C:\Documents and Settings\******\デスクトップ\abc

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\Documents and Settings\******\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\WINDOWS\Temp\Cab1.tmp

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\284F55C41A1A7A3F8328D4C262FB376ED6096F24

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\284F55C41A1A7A3F8328D4C262FB376ED6096F24\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\273EE12457FDC4F90C55E82B56167F62F532E547

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\273EE12457FDC4F90C55E82B56167F62F532E547\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24BA6D6C8A5B5837A48DB5FAE919EA675C94D217

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24BA6D6C8A5B5837A48DB5FAE919EA675C94D217\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\24A40A1F573643A67F0A4B0749F6A22BF28ABB6B\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\23E594945195F2414803B4D564D2A3A3F5D88B8C\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\209900B63D955728140CD13622D8C687A4EB0085

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\209900B63D955728140CD13622D8C687A4EB0085\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F55E8839BAC30728BE7108EDE7B0BB0D3298224

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\WINDOWS\Temp\Tar2.tmp

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1F55E8839BAC30728BE7108EDE7B0BB0D3298224\Blob

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\WINDOWS\Temp\Tar2.tmp

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\1331F48A5DA8E01DAACA1BB0C17044ACFEF755BB\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0B77BEBBCB7AA24705DECC0FBD6A02FC7ABD9B52\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0483ED3399AC3608058722EDBC5E4600E3BEF9D7

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0483ED3399AC3608058722EDBC5E4600E3BEF9D7\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\00EA522C8A9C06AA3ECCE0B4FA6CDC21D92E8099\Blob

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0048F8D37B153F6EA2798C323EF4F318A5624A9E

-

registry

04/25 16:11:52

C:\9keq8k.exe

HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0048F8D37B153F6EA2798C323EF4F318A5624A9E\Blob

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\WINDOWS\Temp\Cab1.tmp

-

file

04/25 16:11:53

C:\9keq8k.exe

C:\WINDOWS\Temp\Tar2.tmp

-

file

04/25 16:11:58

C:\WINDOWS\system32\lsass.exe

C:\Documents and Settings\******\Application Data\Microsoft\Protect\S-1-5-21-507921405-1844237615-839522115-1003\5a0aac21-56c3-4696-a010-9f43370ad4d9

-

file

04/25 16:11:58

C:\WINDOWS\system32\lsass.exe

C:\Documents and Settings\******\Application Data\Microsoft\Protect\S-1-5-21-507921405-1844237615-839522115-1003\Preferred

-

file

04/25 16:11:58

C:\9keq8k.exe

C:\Documents and Settings\******\Application Data\Microsoft\Crypto\RSA\S-1-5-21-507921405-1844237615-839522115-1003\f95e4360f287f2891952b8d82f744c9b_387ea055-bdc5-4c1c-9713-f61c1e6b77f9

-

file

04/25 16:11:58

C:\9keq8k.exe

C:\WINDOWS\Temp\3.tmp

-

process

04/25 16:12:01

C:\9keq8k.exe

C:\WINDOWS\system32\regsvr32.exe

-

file

04/25 16:12:02

C:\WINDOWS\system32\regsvr32.exe

C:\Documents and Settings\******\デスクトップ\abc

-

registry

04/25 16:12:02

C:\WINDOWS\system32\regsvr32.exe

HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations

-

file

04/25 16:12:02

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\Temp\4.tmp

-

process

04/25 16:12:01

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\9keq8k.exe

-

process

04/25 16:12:06

C:\WINDOWS\system32\regsvr32.exe

-

file

04/25 16:12:05

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\Temp\5.tmp

-

file

04/25 16:12:05

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\spool\prtprocs\w32x86\6.tmp

-

file

04/25 16:12:05

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\abc

-

file

04/25 16:12:08

C:\WINDOWS\system32\regsvr32.exe

C:\Documents and Settings\******\デスクトップ\abc

-

file

04/25 16:12:08

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\abc

-

process

04/25 16:12:05

C:\WINDOWS\system32\regsvr32.exe

-

file

04/25 16:12:08

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\spool\prtprocs\w32x86\6.tmp

-

file

04/25 16:12:09

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\Temp\5.tmp

-

file

04/25 16:12:09

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\Temp\7.tmp

-

file

04/25 16:12:10

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\spool\prtprocs\w32x86\8.tmp

-

file

04/25 16:12:11

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\abc

-

file

04/25 16:12:11

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Temp\9.tmp

-

file

04/25 16:12:11

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\config\system.LOG

-

file

04/25 16:12:11

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\config

-

file

04/25 16:12:11

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\config\system.LOG

-

file

04/25 16:12:11

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\config

-

file

04/25 16:12:11

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\config\system.LOG

-

file

04/25 16:12:11

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\config

-

file

04/25 16:12:11

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\config\system

-

PCへの影響 for http://www.zavalis.info/images/au.html