Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'explorer.exe' = '%TEMP%\explorer.exe'
- %TEMP%\Killer[x auto] x20 ... v4 .. By - Wa7.exe
- %TEMP%\explorer.exe
- 'xm##.#.chatme.im':5222
- 'ni####ing.hexat.com':80
- 'wp#d':80
- http://ni####ing.hexat.com/target
- http://ni####ing.hexat.com/p
- http://11#.#11.111.1/wpad.dat via wp#d
- http://ni####ing.hexat.com/fuckers
- DNS ASK xm##.#.chatme.im
- DNS ASK ni####ing.hexat.com
- DNS ASK wp#d
- '%TEMP%\Killer[x auto] x20 ... v4 .. By - Wa7.exe'
- '%TEMP%\explorer.exe'