Technical Information
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\Policies\Explorer\Run] '8574' = '%ProgramFiles%\locals~1\temp\msvzvic.bat'
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\connhost.exe
- %ProgramFiles%\locals~1\temp\msvzvic.bat
- %TEMP%\connhost.exe
- 'or####-ramette.fr':80
- http://or####-ramette.fr/misc/ai/image.php
- DNS ASK or####-ramette.fr
- '%TEMP%\connhost.exe'
- '%WINDIR%\syswow64\svchost.exe'