Technical Information
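- [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = 'autocheck autochk *\n%TEMP%\edav.exe' (the multi-string value keeps the default 'autocheck autochk *' entry and adds '%TEMP%\edav.exe' as a second entry, so the file is registered to run at boot through Session Manager)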
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'acwcw' = '%TEMP%\HILLARY.txt'
- '%TEMP%\egpd.exe' {06407fc0-0b13-11e1-9859-806d6172696f} "<Full path to file>"
- egpd.exe
- %TEMP%\edav.exe
- %TEMP%\egpd.exe
- %TEMP%\HILLARY.txt
- '91.##7.104.175':80 (the '##' in the address appears to be digits masked by the publisher, not a literal value)
- http://91.##7.104.175/abcd/add.php