Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VaccineZR3' = '"%PROGRAM_FILES%\vaccinezert\VaccineZRD.exe" enjoy1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vzChkUp' = '"<SYSTEM32>\vzChkUp.exe" enjoy1'
- '%PROGRAM_FILES%\vaccinezert\VaccineZRD.exe'
- '%PROGRAM_FILES%\vaccinezert\VaccineZRD.exe' (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\VaccineZRD[1].exe
- %PROGRAM_FILES%\vaccinezert\VaccineZRD.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\vzChkUp[1].exe
- <SYSTEM32>\vzChkUp.exe
- 'va####ezero.co.kr':80
- 'up####.#accinezero.co.kr':80
- 'localhost':1037
- va####ezero.co.kr/version/bin/VaccineZRD.exe
- up####.#accinezero.co.kr/version/bin/vzChkUp.exe
- DNS ASK va####ezero.co.kr
- DNS ASK up####.#accinezero.co.kr
- ClassName: 'Shell_TrayWnd' WindowName: ''