Technical Information
- <SYSTEM32>\tasks\svchost
- %APPDATA%\.ecz4554786tmp\spoolsv.exe
- 'tu####.###es-un-bon-developpeur.fr':1664
- DNS ASK tu####.###es-un-bon-developpeur.fr
- '%APPDATA%\.ecz4554786tmp\spoolsv.exe'
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file> (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /tn "svchost" /sc ONLOGON /tr "<Full path to file>" /rl HIGHEST /f
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del <Full path to file>
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 3
- '<SYSTEM32>\schtasks.exe' /create /tn "svchost" /sc ONLOGON /tr "%APPDATA%\.ECZ4554786tmp\spoolsv.exe" /rl HIGHEST /f