Technical Information
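Registry autorun entry (a value under the Run key, so the named executable is started at user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'gcpaaz' = '<SYSTEM32>\gcpaaz.exe'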
- <SYSTEM32>\gcpaaz.exe
- %WINDIR%\explorer.exe
- %WINDIR%\explorer.exe
- %PROGRAM_FILES%\gcpaaz\gcpaaz.exc
- %PROGRAM_FILES%\gcpaaz\gcpaaz.dl3
- <SYSTEM32>\gcpaaz.exe
- %TEMP%\nsx2.tmp\SelfDel.dll
- %PROGRAM_FILES%\gcpaaz\uninstall.exe
- %TEMP%\nsx2.tmp\nsBase64.dll
- %TEMP%\nsx2.tmp\nsUtil.dll
- %TEMP%\nsx2.tmp\nsRanStrInt.dll
- %PROGRAM_FILES%\gcpaaz\gcpaaz.dl2
- %PROGRAM_FILES%\gcpaaz\gcpaaz.dl1
- %TEMP%\nsx2.tmp\nsUtil.dll
- %TEMP%\nsx2.tmp\SelfDel.dll
- %TEMP%\nsx2.tmp\nsBase64.dll
- %TEMP%\nsx2.tmp\nsRanStrInt.dll
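Network activity ('#' marks characters that are masked in this listing, so the hosts and URLs below are incomplete and cannot be matched exactly):
- Host and port: 'www.ha####shback.co.kr':80
- Host and port: '22#.#33.52.140':80
- URL: www.ha####shback.co.kr/update/partner16_sidebar.htm
- URL: 22#.#33.52.140/hanacashback/install.php?pa#######################################
- DNS query (DNS ASK): www.ha####shback.co.kr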
- Window identified by class name (Shell_TrayWnd is the window class of the Windows taskbar): ClassName: 'Shell_TrayWnd' WindowName: ''