PUP.UCalendar, WebInternet

by ezclean posted Jan 25, 2021

PUP.UCalendar


*file

C:\Users\{USERNAME}\AppData\Local\ucalendar\desktopcalendar.dll
C:\Users\{USERNAME}\AppData\Local\ucalendar\huangli.xml
C:\Users\{USERNAME}\AppData\Local\ucalendar\icolog
C:\Users\{USERNAME}\AppData\Local\ucalendar\niaojiao.wav
C:\Users\{USERNAME}\AppData\Local\ucalendar\replace.dll
C:\Users\{USERNAME}\AppData\Local\ucalendar\replace64.dll
C:\Users\{USERNAME}\AppData\Local\ucalendar\setting.wdj
C:\Users\{USERNAME}\AppData\Local\ucalendar\tclock.ini
C:\Users\{USERNAME}\AppData\Local\ucalendar\tmp.exe
C:\Users\{USERNAME}\AppData\Local\ucalendar\ucalendar.exe
C:\Users\{USERNAME}\AppData\Local\ucalendar\ucalexternal.exe
C:\Users\{USERNAME}\AppData\Local\ucalendar\ui_d.dll
C:\Users\{USERNAME}\AppData\Local\ucalendar\uiconfig.txt
C:\Users\{USERNAME}\AppData\Local\ucalendar\unins000.msg
C:\Users\{USERNAME}\AppData\Local\ucalendar\unins000.dat
C:\Users\{USERNAME}\AppData\Local\ucalendar\unins001.dat
C:\Users\{USERNAME}\AppData\Local\ucalendar\unins001.exe
C:\Users\{USERNAME}\AppData\Local\ucalendar\update.exe

 

PUP.WebInternet


*file
C:\Windows\System32\Tasks\WebInternetSecurity Update Task
C:\Program Files\Webinternetsecurity\uninstall.webinternetsecurity.exe
C:\Program Files\Webinternetsecurity\WebInternetSecurity.exe
C:\Program Files\Webinternetsecurity\ewebstorewrapper.dll
C:\Program Files\Webinternetsecurity\makecert.exe
C:\Program Files\Webinternetsecurity\certutil.exe
C:\Program Files\Webinternetsecurity\libnspr4.dll
C:\Program Files\Webinternetsecurity\libplc4.dll
C:\Program Files\Webinternetsecurity\nss3.dll
C:\Program Files\Webinternetsecurity\smime3.dll
C:\Program Files\Webinternetsecurity\softokn3.dll
C:\users\{USERNAME}\appdata\Local\WebInternetSecurity\WebInternetSecurity.exe
C:\users\{USERNAME}\appdata\Local\WebInternetSecurity\uninstall.webinternetsecurity.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebInternetSecurity\WebInternetSecurity.lnk
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WebInternetSecurity\WebInternetSecurity.lnk

*reg_key
HKCU\Software\WebinternetsecurityInstalled
HKLM\SOFTWARE\Microsoft\Tracing\WebInternetSecurity_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\WebInternetSecurity_RASMANCS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webinternetsecurity
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AACA98-B7BE-43AE-B418-D795225E9EFC}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebInternetSecurity Update Task
HKLM\SOFTWARE\Webinternetsecurity

*reg_val
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | WebInternetSecurity

 
