Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'userpc' = '%APPDATA%\userpc\Winxp.exe'
- %APPDATA%\userpc\winxp.exe
- %APPDATA%\userpc\.identifier
- 'bu###.#hickenkiller.com':3737
- DNS ASK bu###.#hickenkiller.com
- '%APPDATA%\userpc\winxp.exe'
- '%APPDATA%\userpc\winxp.exe' (with hidden window)