Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\lanmanserver] 'Start' = '00000002'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\servsvc.dll StartUpA
- '<SYSTEM32>\sc.exe' config lanmanserver start= auto
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters" /v ServiceDll /t REG_EXPAND_SZ /d <SYSTEM32>\servsvc.dll /f
- <SYSTEM32>\servsvc.dll
- <SYSTEM32>\Driver.inf
- <SYSTEM32>\msws.dll
- 'po##.##azingheaven.com':80
- po##.##azingheaven.com http://pop3.flazingheaven.com:80/index.htm?uK###############################################
- po##.##azingheaven.com http://pop3.flazingheaven.com:80/index.htm?uK#############################################
- DNS ASK po##.##azingheaven.com