Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Winupdtwo' = '%APPDATA%\sdfgsd\sdfg\1.0.0.0\winupd.exe'
- <PATH_SAMPLE>bp.exe
- %APPDATA%\sdfgsd\sdfg\1.0.0.0\winupd.exe
- %APPDATA%\sdfgsd\sdfg\1bp.exe
- %TEMP%\tmp.bka
- <PATH_SAMPLE>bp.exe
- %APPDATA%\sdfgsd\sdfg\1bp.exe
- '%APPDATA%\sdfgsd\sdfg\1.0.0.0\winupd.exe'
- '%APPDATA%\sdfgsd\sdfg\1.0.0.0\winupd.exe' (with hidden window)