Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'CHKDSK0' = '%APPDATA%\CHKDSK0.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CHKDSK0' = '%APPDATA%\CHKDSK0.exe'
- %APPDATA%\CHKDSK0.exe
- %APPDATA%\winup17.dat
- 'ma##.##icante.com.br':587
- DNS ASK ma##.##icante.com.br