Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'systemup' = '"%WINDIR%\systemup.exe" stand'
- %WINDIR%\systemup.exe
- DNS ASK yandex.ru
- DNS ASK su####arsinfo.net
- ClassName: 'MS_WINHELP' WindowName: ''
- '%WINDIR%\systemup.exe' stand
- '%WINDIR%\systemup.exe' stand' (with hidden window)