Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\lHazZY\Parameters] 'ServiceDll' = '%APPDATA%\0vLVj7\yiYV1m.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\lHazZY] 'ImagePath' = '<SYSTEM32>\svchost.exe -k lHazZY'
- '<SYSTEM32>\svchost.exe' -k lHazZY
- %APPDATA%\0vLVj7\yiYV1m.dll
- 'pr######ts.b0.upaiyun.com':80
- 'as###.199897.com':4001
- http://pr######ts.b0.upaiyun.com/baidu/free004.dat
- DNS ASK pr######ts.b0.upaiyun.com
- DNS ASK as###.199897.com