Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Trap Network Solutions' = 'C:\ltlburomm\bgrcdnokfl.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Service Multimedia Manager Time Offline Video] 'ImagePath' = 'C:\ltlburomm\bgrcdnokfl.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Service Multimedia Manager Time Offline Video] 'Start' = '00000002'
- 'C:\ltlburomm\jqttyofzlo.exe' "c:\ltlburomm\bgrcdnokfl.exe"
- 'C:\ltlburomm\bgrcdnokfl.exe'
- 'C:\ltlburomm\nv2n8teh903izvmg1xt.exe'
- C:\ltlburomm\bgrcdnokfl.exe
- C:\ltlburomm\jqttyofzlo.exe
- C:\ltlburomm\nv2n8teh903izvmg1xt.exe
- %WINDIR%\ltlburomm\sx6nibzx
- C:\ltlburomm\sx6nibzx
- C:\ltlburomm\jqttyofzlo.exe
- C:\ltlburomm\bgrcdnokfl.exe
- C:\ltlburomm\nv2n8teh903izvmg1xt.exe
- %WINDIR%\ltlburomm\sx6nibzx
- 'ri####uestion.net':80
- 'wh#####therefore.net':80
- 'ri####herefore.net':80
- 'wh####rwhile.net':80
- 'ri###while.net':80
- 'wh####rquestion.net':80
- 'th###hwhile.net':80
- 'fi####question.net':80
- 'th####question.net':80
- 'fi####school.net':80
- 'th####school.net':80
- 'fi###ewhile.net':80
- 'fo####nschool.net':80
- 'su###nwhile.net':80
- 'fo####nwhile.net':80
- 'pe####therefore.net':80
- 'ma#####therefore.net':80
- 'su####school.net':80
- 'fo#####therefore.net':80
- 'wh####rschool.net':80
- 'ri###school.net':80
- 'su####question.net':80
- 'fo####nquestion.net':80
- 'su####therefore.net':80
- 'fi####therefore.net':80
- 'ch#####ntherefore.net':80
- 'fa####therefore.net':80
- 'ei####school.net':80
- 'fa###ywhile.net':80
- 'ch#####nquestion.net':80
- 'fa####question.net':80
- 'ei####question.net':80
- 'en####hquestion.net':80
- 'ei####therefore.net':80
- 'en####hschool.net':80
- 'ei###rwhile.net':80
- 'en####hwhile.net':80
- 'pi####ewhile.net':80
- 'ci####ttewhile.net':80
- 'pi####equestion.net':80
- 'th####therefore.net':80
- 'pi####eschool.net':80
- 'ci####tteschool.net':80
- 'ch####enschool.net':80
- 'fa####school.net':80
- 'ch####enwhile.net':80
- 'ci#####tequestion.net':80
- 'pi#####therefore.net':80
- 'ci#####tetherefore.net':80
- 'pi####ealways.net':80
- 'ci####ttealways.net':80
- 'pi####eforest.net':80
- 'ci####ttewheat.net':80
- 'pi####eanger.net':80
- 'ci####tteanger.net':80
- 'ch####enanger.net':80
- 'fa###yanger.net':80
- 'ch####enalways.net':80
- 'ci####tteforest.net':80
- 'ch####enwheat.net':80
- 'fa###ywheat.net':80
- 'fi###ewheat.net':80
- 'th###hwheat.net':80
- 'fi###eanger.net':80
- 'ri###always.net':80
- 'wh####rforest.net':80
- 'ri###forest.net':80
- 'fi####forest.net':80
- 'th####forest.net':80
- 'pi####ewheat.net':80
- 'th###hanger.net':80
- 'fi####always.net':80
- 'th####always.net':80
- 'fa####always.net':80
- 'be####equestion.net':80
- 'ex####therefore.net':80
- 'be#####therefore.net':80
- 'ex###twhile.net':80
- 'be####ewhile.net':80
- 'ex####question.net':80
- 'ma####ewhile.net':80
- 'pe####question.net':80
- 'ma####equestion.net':80
- 'pe####school.net':80
- 'ma####eschool.net':80
- 'pe###nwhile.net':80
- 'en####hwheat.net':80
- 'ei###ranger.net':80
- 'en####hanger.net':80
- 'ch####enforest.net':80
- 'fa####forest.net':80
- 'ei###rwheat.net':80
- 'en####hforest.net':80
- 'ex####school.net':80
- 'be####eschool.net':80
- 'ei####always.net':80
- 'en####halways.net':80
- 'ei####forest.net':80
- http://ri####uestion.net/index.php
- http://wh#####therefore.net/index.php
- http://ri####herefore.net/index.php
- http://wh####rwhile.net/index.php
- http://ri###while.net/index.php
- http://wh####rquestion.net/index.php
- http://th###hwhile.net/index.php
- http://fi####question.net/index.php
- http://th####question.net/index.php
- http://fi####school.net/index.php
- http://th####school.net/index.php
- http://fi###ewhile.net/index.php
- http://fo####nschool.net/index.php
- http://su###nwhile.net/index.php
- http://fo####nwhile.net/index.php
- http://pe####therefore.net/index.php
- http://ma#####therefore.net/index.php
- http://su####school.net/index.php
- http://fo#####therefore.net/index.php
- http://wh####rschool.net/index.php
- http://ri###school.net/index.php
- http://su####question.net/index.php
- http://fo####nquestion.net/index.php
- http://su####therefore.net/index.php
- http://fi####therefore.net/index.php
- http://ch#####ntherefore.net/index.php
- http://fa####therefore.net/index.php
- http://ei####school.net/index.php
- http://fa###ywhile.net/index.php
- http://ch#####nquestion.net/index.php
- http://fa####question.net/index.php
- http://ei####question.net/index.php
- http://en####hquestion.net/index.php
- http://ei####therefore.net/index.php
- http://en####hschool.net/index.php
- http://ei###rwhile.net/index.php
- http://en####hwhile.net/index.php
- http://pi####ewhile.net/index.php
- http://ci####ttewhile.net/index.php
- http://pi####equestion.net/index.php
- http://th####therefore.net/index.php
- http://pi####eschool.net/index.php
- http://ci####tteschool.net/index.php
- http://ch####enschool.net/index.php
- http://fa####school.net/index.php
- http://ch####enwhile.net/index.php
- http://ci#####tequestion.net/index.php
- http://pi#####therefore.net/index.php
- http://ci#####tetherefore.net/index.php
- http://pi####ealways.net/index.php
- http://ci####ttealways.net/index.php
- http://pi####eforest.net/index.php
- http://ci####ttewheat.net/index.php
- http://pi####eanger.net/index.php
- http://ci####tteanger.net/index.php
- http://ch####enanger.net/index.php
- http://fa###yanger.net/index.php
- http://ch####enalways.net/index.php
- http://ci####tteforest.net/index.php
- http://ch####enwheat.net/index.php
- http://fa###ywheat.net/index.php
- http://fi###ewheat.net/index.php
- http://th###hwheat.net/index.php
- http://fi###eanger.net/index.php
- http://ri###always.net/index.php
- http://wh####rforest.net/index.php
- http://ri###forest.net/index.php
- http://fi####forest.net/index.php
- http://th####forest.net/index.php
- http://pi####ewheat.net/index.php
- http://th###hanger.net/index.php
- http://fi####always.net/index.php
- http://th####always.net/index.php
- http://fa####always.net/index.php
- http://be####equestion.net/index.php
- http://ex####therefore.net/index.php
- http://be#####therefore.net/index.php
- http://ex###twhile.net/index.php
- http://be####ewhile.net/index.php
- http://ex####question.net/index.php
- http://ma####ewhile.net/index.php
- http://pe####question.net/index.php
- http://ma####equestion.net/index.php
- http://pe####school.net/index.php
- http://ma####eschool.net/index.php
- http://pe###nwhile.net/index.php
- http://en####hwheat.net/index.php
- http://ei###ranger.net/index.php
- http://en####hanger.net/index.php
- http://ch####enforest.net/index.php
- http://fa####forest.net/index.php
- http://ei###rwheat.net/index.php
- http://en####hforest.net/index.php
- http://ex####school.net/index.php
- http://be####eschool.net/index.php
- http://ei####always.net/index.php
- http://en####halways.net/index.php
- http://ei####forest.net/index.php
- DNS ASK wh#####therefore.net
- DNS ASK ri####herefore.net
- DNS ASK fi####school.net
- DNS ASK ri###while.net
- DNS ASK wh####rquestion.net
- DNS ASK ri####uestion.net
- DNS ASK fi####question.net
- DNS ASK th####question.net
- DNS ASK fi####therefore.net
- DNS ASK th####school.net
- DNS ASK fi###ewhile.net
- DNS ASK th###hwhile.net
- DNS ASK su###nwhile.net
- DNS ASK fo####nwhile.net
- DNS ASK su####question.net
- DNS ASK ma#####therefore.net
- DNS ASK su####school.net
- DNS ASK fo####nschool.net
- DNS ASK wh####rschool.net
- DNS ASK ri###school.net
- DNS ASK wh####rwhile.net
- DNS ASK fo####nquestion.net
- DNS ASK su####therefore.net
- DNS ASK fo#####therefore.net
- DNS ASK th####therefore.net
- DNS ASK fa####therefore.net
- DNS ASK ei####school.net
- DNS ASK en####hschool.net
- DNS ASK ch#####nquestion.net
- DNS ASK fa####question.net
- DNS ASK ch#####ntherefore.net
- DNS ASK en####hquestion.net
- DNS ASK ei####therefore.net
- DNS ASK en#####therefore.net
- DNS ASK ei###rwhile.net
- DNS ASK en####hwhile.net
- DNS ASK ei####question.net
- DNS ASK ci####ttewhile.net
- DNS ASK pi####equestion.net
- DNS ASK ci#####tequestion.net
- DNS ASK pi####eschool.net
- DNS ASK ci####tteschool.net
- DNS ASK pi####ewhile.net
- DNS ASK fa####school.net
- DNS ASK ch####enwhile.net
- DNS ASK fa###ywhile.net
- DNS ASK pi#####therefore.net
- DNS ASK ci#####tetherefore.net
- DNS ASK ch####enschool.net
- DNS ASK pe####therefore.net
- DNS ASK pi####ealways.net
- DNS ASK ci####ttealways.net
- DNS ASK pi####eforest.net
- DNS ASK ci####ttewheat.net
- DNS ASK pi####eanger.net
- DNS ASK ci####tteanger.net
- DNS ASK ch####enanger.net
- DNS ASK fa###yanger.net
- DNS ASK ch####enalways.net
- DNS ASK ci####tteforest.net
- DNS ASK ch####enwheat.net
- DNS ASK fa###ywheat.net
- DNS ASK fi###ewheat.net
- DNS ASK th###hwheat.net
- DNS ASK fi###eanger.net
- DNS ASK ri###always.net
- DNS ASK wh####rforest.net
- DNS ASK ri###forest.net
- DNS ASK fi####forest.net
- DNS ASK th####forest.net
- DNS ASK pi####ewheat.net
- DNS ASK th###hanger.net
- DNS ASK fi####always.net
- DNS ASK th####always.net
- DNS ASK fa####always.net
- DNS ASK be####equestion.net
- DNS ASK ex####therefore.net
- DNS ASK be#####therefore.net
- DNS ASK ex###twhile.net
- DNS ASK be####ewhile.net
- DNS ASK ex####question.net
- DNS ASK ma####ewhile.net
- DNS ASK pe####question.net
- DNS ASK ma####equestion.net
- DNS ASK pe####school.net
- DNS ASK ma####eschool.net
- DNS ASK pe###nwhile.net
- DNS ASK en####hwheat.net
- DNS ASK ei###ranger.net
- DNS ASK en####hanger.net
- DNS ASK ch####enforest.net
- DNS ASK fa####forest.net
- DNS ASK ei###rwheat.net
- DNS ASK en####hforest.net
- DNS ASK ex####school.net
- DNS ASK be####eschool.net
- DNS ASK ei####always.net
- DNS ASK en####halways.net
- DNS ASK ei####forest.net
- ClassName: 'Shell_TrayWnd' WindowName: ''