Technical Information
- <SYSTEM32>\ctfmon.exe
- from <Full path to file> to <Full path to file>.bak
- <Full path to file>
- '12#.#25.114.144':80
- 'zx.###piao.163.com':80
- http://hi.##idu.com/aegifjftrggluze/item/be185dc989cae4f4984aa0df via 12#.#25.114.144
- http://zx.###piao.163.com/trend/cqssc/jiben-5xing.html?pe##############
- DNS ASK zx.###piao.163.com
- DNS ASK hi.##idu.com