Technical Information
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'flood' = '%WINDIR%\InstallDir\Server.exe'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'update' = '%WINDIR%\InstallDir\Server.exe'
- [HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{UDSJO3L5-XD46-H5T2-PNM2-886W401Q2WFR}] 'StubPath' = '%WINDIR%\InstallDir\Server.exe restart'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'floods' = '%WINDIR%\InstallDir\Server.exe'
- %WINDIR%\syswow64\rundll32.exe
- %WINDIR%\installdir\server.exe
- DNS ASK de####nd.no-ip.biz
- '%WINDIR%\syswow64\rundll32.exe'