Technical Information
- <SYSTEM32>\dllcache\spoolsv.exe with <SYSTEM32>\dllcache\spoolsv.exe.new
- <SYSTEM32>\spoolsv.exe with <SYSTEM32>\spoolsv.exe.new
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\Temp\2.tmp
- %TEMP%\1.tmp
- %WINDIR%\Temp\2.tmp
- %TEMP%\1.tmp
- from <SYSTEM32>\spoolsv.exe to %WINDIR%\Temp\4.tmp
- from <Full path to virus> to %TEMP%\3.tmp