MicroLabProc, MicroLabCon, GuardSupport List

시스템이 부팅할 때 마다 프로그램의 실행변수가 랜덤으로 변경된다.

이 변수가 어떤 의미인지 모르겠는데 이것때문에 로그를 분석하는데 간혹 패스가 되는 경우가 있었다.

 

한번만 더 눈에 띄면 프로세스로 검색한다. 조심해라.

 

 

지금까지 받은 로그의 일부..

 

NA001 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -zUKBPZIH
NA002 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -Ztjaoy
NA003 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -sNDuISB
NA004 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -RNZcri
NA005 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -pKArFPy
NA006 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -NiYPdnWVJ
NA007 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -mHxoCMv
NA008 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -jEulzJs
NA009 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -jDukyJ
NA010 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -ICURoK
NA011 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -gArhi
NA012 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -EYPFTeMMz
NA013 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -DXNEScx
NA014 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -BWMDRbKK
NA015 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe -bvmcqB
NA016 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe  -checkvalue
NA017 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe  -checkvalu
NA018 MicroLabProc -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProProc.exe  -checkval
NA019 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -zUKBPZIH
NA020 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -Ztjaoy
NA021 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -sNDuISB
NA022 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -RNZcr
NA023 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -QkbRf
NA024 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -pKArFPy
NA025 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -NiYPdnWVJ
NA026 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -lFvmA류
NA027 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -jEulzJs
NA028 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -jDukyJ
NA029 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -jDtk
NA030 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -IdTKYiR
NA031 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -ICURoK
NA032 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -EYPFTeMMz
NA033 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -BWMDRbKK
NA034 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe -bvmcqB
NA035 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe  -checkvalue
NA036 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe  -checkvalu2
NA037 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe  -checkvalu
NA038 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe  -checkval\
NA039 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe  -checkval
NA040 MicroLabCon -/- C:\Users\Administrator\AppData\Roaming\MicroLab\MyEngin\Common\MicroProCon.exe  -checkva
NA041
NA042 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -Zukbpzih
NA043 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -Wrht
NA044 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -qLBsGQz
NA045 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -qKBsFQ
NA046 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -oJzqEO
NA047 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -oIypD
NA048 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -MgWNblU
NA049 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -LgWNblUUH
NA050 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -IcSJXhQQe
NA051 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -gArhvF
NA052 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -FTdyMzl
NA053 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -fAqhvF
NA054 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -BVMCQbJJ
NA055 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe -avlcqA
NA056 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe  -checkvalue
NA057 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe  -checkvalu
NA058 MicroLabProc -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProProc.exe  -checkval
NA059 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -Zukbpzih
NA060 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -Wrh
NA061 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -qLBsGQz
NA062 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -qKBsFQ
NA063 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -oJzqEOt
NA064 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -oIypD
NA065 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -MgWNblU
NA066 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -LgWNblUUH
NA067 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -IcSJXhQQd
NA068 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -gArhvF
NA069 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -FTdyMzl
NA070 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -fAqhvF
NA071 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -BVMCQbJJ
NA072 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe -avlcqA
NA073 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe  -checkvalx
NA074 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe  -checkvalue
NA075 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe  -checkvalu
NA076 MicroLabCon -/- C:\Documents and Settings\Administrator\Application Data\MicroLab\MyEngin\Common\MicroProCon.exe  -checkval
NA077
NA078 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -sbbO.
NA079 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -qBjjW
NA080 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -qBj
NA081 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -OZIHun
NA082 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -jtccPBdz
NA083 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -ISBBoa
NA084 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -eoXXKwXuG
NA085 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe -BVMCQbJJ
NA086 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe /autorux
NA087 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe /autorun
NA088 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe /autore
NA089 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe        x
NA090 GuardSupport -/- C:\Documents and Settings\Administrator\Application Data\GuardSupport\GuardConvert.exe