Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmon.exe' = '%WINDIR%\SYSTEM\ctfmon.exe'
- '<SYSTEM32>\ftp.exe' -s:feng.txt
- <Current directory>\feng.txt
- %WINDIR%\system\ctfmon.exe
- <Current directory>\feng.txt
- 'wx##.vicp.net':21
- 'localhost':1036
- DNS ASK wx##.vicp.net