Technical Information
- %WINDIR%\syswow64\ctfmon.exe
- '12#.#29.224.2':8881
- 'ip##8.com':80
- 'ip##8.com':443
- http://www.ip##8.com/
- http://20##.ip138.com/
- http://12#.##9.224.2:8881/api/get_advertisement via 12#.#29.224.2
- 'ip##8.com':443
- DNS ASK ip##8.com
- DNS ASK 20##.ip138.com
- '%WINDIR%\syswow64\ctfmon.exe' 2548 <Full path to file>