Technical Information
- [<HKLM>\System\CurrentControlSet\Services\wuauserv] 'Start' = '00000002'
- %TEMP%\vx0fdee.tmp
- <SYSTEM32>\shellapi.dll
- C:\栘
- %TEMP%\vx0fdee.tmp
- <SYSTEM32>\shellapi.dll
- from <Full path to file> to %TEMP%\$f19279.tmp
- '%TEMP%\vx0fdee.tmp' "<Full path to file>"
- '%TEMP%\vx0fdee.tmp' "<Full path to file>"' (with hidden window)