Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\tisiyu.lnk
- %ALLUSERSPROFILE%\Application Data\tisiyu\tisiyu.exe
- 'wp#d':80
- 'ch###asvc.com':80
- http://11#.#11.111.2/wpad.dat via wp#d
- http://ch###asvc.com/may8/bitcoin/PingPong.php
- DNS ASK ch###asvc.com
- DNS ASK wp#d
- '%ALLUSERSPROFILE%\Application Data\tisiyu\tisiyu.exe'