Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'haom6' = '<SYSTEM32>\srhvdow.exe'
- <SYSTEM32>\liebiao.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lie[1].txt
- <SYSTEM32>\srhvdow.exe
- 'www.ha###.com.cn':80
- 'localhost':1036
- www.ha###.com.cn/gg/lie.txt
- DNS ASK www.ha###.com.cn
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'