Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NG5LKW6MGL' = '"%TEMP%\<File name>.js"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js
- %TEMP%\<File name>.js
- '19#.#7.97.135':1111
- http://19#.##.97.135:1111/Vre via 19#.#7.97.135