Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HaoZip' = '%PROGRAM_FILES%\Windows NT\Accessories\servicse.exe'
- %PROGRAM_FILES%\Windows NT\Accessories\servicse.exe (downloaded from the Internet)
- %PROGRAM_FILES%\Windows NT\Accessories\servicse.exe
- %PROGRAM_FILES%\Windows NT\Accessories\HaoZip.dll
- 'www.gm###pae.com':80
- www.gm###pae.com/jgwtsb.html
- DNS ASK www.gm###pae.com
- '<Private IP address>':1036