Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = 'autocheck autochk *\n%TEMP%\sgi.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'aslyrez' = '%TEMP%\USCL.txt'
- '%TEMP%\cnawip.exe' {06407fc0-0b13-11e1-9859-806d6172696f} "<Full path to file>"
- %TEMP%\sgi.exe
- %TEMP%\cnawip.exe
- %TEMP%\USCL.txt
- <Full path to file>
- '91.##7.104.175':80
- http://91.##7.104.175/abcd/add.php