Technical Information
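Persistence: registers a Windows service set to start automatically at boot (a 'Start' value of 2 means auto-start):
- [<HKLM>\System\CurrentControlSet\Services\Function Transaction Input] 'Start' = '00000002'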
- [<HKLM>\System\CurrentControlSet\Services\Function Transaction Input] 'ImagePath' = 'C:\lijrslwebn\zqdyvexkt.exe'
- 'Function Transaction Input' C:\lijrslwebn\zqdyvexkt.exe
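File system activity (the same paths recur below, presumably because the original report listed them under separate actions whose headings are missing here; the directory and file names look randomly generated, so they may differ between infections):
- %WINDIR%\lijrslwebn\bkis2h8fsh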
- C:\lijrslwebn\bkis2h8fsh
- C:\lijrslwebn\ttpg9zioya7ghb.exe
- C:\lijrslwebn\zqdyvexkt.exe
- C:\lijrslwebn\bzkappqef.exe
- C:\lijrslwebn\zjwkdzwvwe
- C:\lijrslwebn\zqdyvexkt.exe
- C:\lijrslwebn\bzkappqef.exe
- %WINDIR%\lijrslwebn\bkis2h8fsh
- C:\lijrslwebn\ttpg9zioya7ghb.exe
- %WINDIR%\lijrslwebn\bkis2h8fsh
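Network activity, HTTP requests (the '#' characters appear to mask part of each domain name, so these entries cannot be used as exact-match indicators):
- http://th####beside.net/index.php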
- http://th####different.net/index.php
- http://pi####eletter.net/index.php
- http://su####length.net/index.php
- http://cr###length.net/index.php
- http://su####indeed.net/index.php
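Network activity, DNS queries (each name joins a partly masked first word to one of a few recurring second words: beside, different, letter, length, indeed, notice, during, surprise; this pattern suggests algorithmically generated domains, and a burst of such lookups from a single host is a useful detection signal in itself):
- DNS ASK ri###beside.net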
- DNS ASK kn###notice.net
- DNS ASK be###notice.net
- DNS ASK kn###length.net
- DNS ASK be###length.net
- DNS ASK me####during.net
- DNS ASK fo####during.net
- DNS ASK me####indeed.net
- DNS ASK fo####indeed.net
- DNS ASK kn###indeed.net
- DNS ASK be###indeed.net
- DNS ASK me####length.net
- DNS ASK fo####length.net
- DNS ASK al####yduring.net
- DNS ASK ge####manduring.net
- DNS ASK al####yindeed.net
- DNS ASK ge####manindeed.net
- DNS ASK al####ynotice.net
- DNS ASK ge####mannotice.net
- DNS ASK me####notice.net
- DNS ASK fa####surprise.net
- DNS ASK be###during.net
- DNS ASK wo###notice.net
- DNS ASK sm###length.net
- DNS ASK wo###length.net
- DNS ASK wa###during.net
- DNS ASK th####tduring.net
- DNS ASK wa###indeed.net
- DNS ASK th####tindeed.net
- DNS ASK wa###notice.net
- DNS ASK th####tnotice.net
- DNS ASK wa###length.net
- DNS ASK th####tlength.net
- DNS ASK cr###during.net
- DNS ASK su####during.net
- DNS ASK cr###indeed.net
- DNS ASK su####indeed.net
- DNS ASK cr###notice.net
- DNS ASK su####notice.net
- DNS ASK cr###length.net
- DNS ASK su####length.net
- DNS ASK al####ylength.net
- DNS ASK fo####notice.net
- DNS ASK ge####manlength.net
- DNS ASK ex#####nceduring.net
- DNS ASK fr###during.net
- DNS ASK th####letter.net
- DNS ASK ci####tteletter.net
- DNS ASK pi####eletter.net
- DNS ASK ci####ttebeside.net
- DNS ASK pi####ebeside.net
- DNS ASK ci#####tesurprise.net
- DNS ASK pi####esurprise.net
- DNS ASK th####different.net
- DNS ASK fi####different.net
- DNS ASK fi####letter.net
- DNS ASK ci#####tedifferent.net
- DNS ASK th####beside.net
- DNS ASK fi####beside.net
- DNS ASK th####surprise.net
- DNS ASK fi####surprise.net
- DNS ASK ri####ifferent.net
- DNS ASK wh#####different.net
- DNS ASK ri###letter.net
- DNS ASK wh####rletter.net
- DNS ASK sm###notice.net
- DNS ASK kn###during.net
- DNS ASK ch#####nsurprise.net
- DNS ASK fa####beside.net
- DNS ASK pi#####different.net
- DNS ASK ex#####nceindeed.net
- DNS ASK fr###indeed.net
- DNS ASK ex#####ncenotice.net
- DNS ASK fr###notice.net
- DNS ASK ex#####ncelength.net
- DNS ASK fr###length.net
- DNS ASK en#####different.net
- DNS ASK ei####different.net
- DNS ASK en####hletter.net
- DNS ASK ei####letter.net
- DNS ASK en####hbeside.net
- DNS ASK ei####beside.net
- DNS ASK en####hsurprise.net
- DNS ASK ei####surprise.net
- DNS ASK fa####different.net
- DNS ASK ch#####ndifferent.net
- DNS ASK fa####letter.net
- DNS ASK ch####enletter.net
- DNS ASK ch####enbeside.net
- DNS ASK wo###indeed.net
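Processes started (apparently; the last entry runs bzkappqef.exe with the path of the service binary, zqdyvexkt.exe, as its argument):
- 'C:\lijrslwebn\ttpg9zioya7ghb.exe'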
- 'C:\lijrslwebn\zqdyvexkt.exe'
- 'C:\lijrslwebn\bzkappqef.exe' "c:\lijrslwebn\zqdyvexkt.exe"