Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'upda76' = '"%TEMP%\upda94.exe"'
- systemd.exe
- %TEMP%\systemd.exe
- %LOCALAPPDATA%\microsoft\svchost.exe
- %TEMP%\upda94.exe
- %LOCALAPPDATA%\microsoft\svchost.exe
- '%TEMP%\systemd.exe'
- '%LOCALAPPDATA%\microsoft\svchost.exe'