| 운영체제 | 파일명 |
| LINUX 파일 |
/bin/login, /bin/passwd, /etc/*.conf, /usr/bin, /usr/sbin, /bin, /sbin, /boot, /usr/local/bin, /usr/local/sbin, /opt/bin, /opt/sbin, /etc/crontab, /etc/init.d, /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly |
| WINDOWS 파일 |
C:\autoexec.bat, C:\boot.ini, C:\config.sys, C:\Windows\system.ini, C:\Windows\win.ini, C:\Windows\regedit.exe, C:\Windows\System32\userinit.exe, C:\Windows\explorer.exe, C:\Program Files\Microsoft Security Client\msseces.exe, |
| Windows 레지스트리 키 (HKLM = HKEY_LOCAL_MACHINE) |
HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CryptSIPDllRemoveSignedDataMsg{C689AAB8-8E78-11D0-8C47-00C04FC295EE} HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CryptSIPDllRemoveSignedDataMsg{603BCC1F-4B59-4E08-B724-D2C6297EF351} HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\SYSTEM.ini\boot HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserShellFolders HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType0\CryptSIPDllRemoveSignedDataMsg{C689AAB8-8E78-11D0-8C47-00C04FC295EE} HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType0\CryptSIPDllRemoveSignedDataMsg{603BCC1F-4B59-4E08-B724-D2C6297EF351} HKLM\SOFTWARE\WOW6432Node\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\system.ini\boot HKLM\SOFTWARE\WOW6432Node\Microsoft\WindowsNT\CurrentVersion\Windows HKLM\SOFTWARE\WOW6432Node\Microsoft\WindowsNT\CurrentVersion\Winlogon HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\UserShellFolders HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServicesOnce HKLM\SYSTEM\CurrentControlSet\Control\hivelist HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDLLs HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile |
카테고리 없음