Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Micosoft' = '<SYSTEM32>\xwizard.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\x86 update.exe
- <SYSTEM32>\xwizard.exe
- <Full path to file>
- <SYSTEM32>\xwizard.exe
- 'uo####1.ddns.net':2222
- 'uo####2.ddns.net':2222
- 'uo####3.ddns.net':2222
- 'uo####4.ddns.net':2222
- 'uo####5.ddns.net':2222
- 'uo####6.ddns.net':2222
- 'uo####7.ddns.net':2222
- 'uo####8.ddns.net':2222
- 'uo####9.ddns.net':2222
- 'uo####10.ddns.net':2222
- 'uo####11.ddns.net':2222
- 'uo####12.ddns.net':2222
- DNS ASK uo####1.ddns.net
- DNS ASK uo####2.ddns.net
- DNS ASK uo####3.ddns.net
- DNS ASK uo####4.ddns.net
- DNS ASK uo####5.ddns.net
- DNS ASK uo####6.ddns.net
- DNS ASK uo####7.ddns.net
- DNS ASK uo####8.ddns.net
- DNS ASK uo####9.ddns.net
- DNS ASK uo####10.ddns.net
- DNS ASK uo####11.ddns.net
- DNS ASK uo####12.ddns.net
- '<SYSTEM32>\xwizard.exe'