Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\TRThlfhCtX.eu.url
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %TEMP%\PS3m.9X
- %TEMP%\a8d03bf8-b491-f7cd-15fb-a993b64d707c
- %APPDATA%\TRThlfhCtX\TRThlfhCtX.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut1.tmp
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK bo#.####ismyipaddress.com
- DNS ASK wp#d
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'