Technical Information
- [<HKLM>\System\CurrentControlSet\Control\Print\Providers\1136] 'Name' = '<SYSTEM32>\spool\PRTPROCS\x64\11355EC.tmp'
- [<HKLM>\System\CurrentControlSet\Services\Spooler] 'Start' = '00000002'
- <SYSTEM32>\spool\prtprocs\x64\11355ec.tmp
- %TEMP%\ldr564a.tmp
- %TEMP%\ldr5659.tmp
- from <SYSTEM32>\spool\prtprocs\x64\11355ec.tmp to %TEMP%\1363e8.tmp