Trojan.DMA, PCBooster

by ezclean posted Dec 10, 2020

Trojan.DMA

PUP.PCBooster

*file
C:\WINDOWS\SYSTEM32\TASKS\The PC Power Protection Startup
C:\WINDOWS\SYSTEM32\TASKS\The PC Power
C:\PROGRAM FILES\THE PC POWER\THEPCPOWER_PROTECTION.EXE
C:\PROGRAM FILES\THE PC POWER\THEPCPOWER.EXE
C:\PROGRAM FILES\THE PC POWER\UNINS000.EXE
C:\USERS\PUBLIC\Desktop\The PC Power.lnk

*reg_key
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\The PC Power Protection Startup
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6E0AD05E-A073-4BB2-B61A-CB8DC17D7FFC}
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{6E0AD05E-A073-4BB2-B61A-CB8DC17D7FFC}
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\The PC Power
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6BB37F06-7698-43D0-BE35-935502574288}
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{6BB37F06-7698-43D0-BE35-935502574288}
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EF14720C-B68B-4F2A-86EF-D72C712B8E0E}}_is1