Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'chkdskx' = '%PROGRAMDATA%\zw9oyxj.exe'
- %TEMP%\x3ofi0yq.exe
- %TEMP%\cscomp.dll
- %PROGRAMDATA%\zw9oyxj.exe
- %PROGRAMDATA%\zw9oyxj.exe
- http://ap#.##pmania.com/
- DNS ASK ap#.##pmania.com
- DNS ASK ci#####k0de.no-ip.org
- '%PROGRAMDATA%\zw9oyxj.exe'