Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] '<File name>' = 'wscript.exe //B "%APPDATA%\<File name>.vbs"'
- [<HKLM>\software\microsoft\windows\currentversion\run] '<File name>' = 'wscript.exe //B "%APPDATA%\<File name>.vbs"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.vbs
- %APPDATA%\<File name>.vbs
- '17#.#21.14.109':80
- http://17#.#21.14.109/ct/gate.php