Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xwiz32.exe' = '"%ALLUSERSPROFILE%\xwiz32.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xwiz32.exe' = '"%ALLUSERSPROFILE%\xwiz32.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\xwiz32.url
- %HOMEPATH%\Start Menu\Programs\Startup\xwiz32.exe
- '%ALLUSERSPROFILE%\xwiz32.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc onstart /mo 1 /tn nyan /tr %ALLUSERSPROFILE%\xwiz32.exe
- %ALLUSERSPROFILE%\xwiz32.exe
- %ALLUSERSPROFILE%\xwiz32.exe
- %HOMEPATH%\Start Menu\Programs\Startup\xwiz32.exe
- 'in#####rver.ddns.net':39898
- DNS ASK in#####rver.ddns.net