Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{63E16148-3A71-99D9-2524-FE3574645AFF}] 'StubPath' = '<SYSTEM32>\ssopure.exe'
- %WINDIR%\syswow64\ssopure.exe
- %WINDIR%\syswow64\ssopure.exe
- '%WINDIR%\syswow64\ssopure.exe'
- '%WINDIR%\syswow64\ssopure.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "%WINDIR%\SysWOW64\ssopure.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "%WINDIR%\SysWOW64\ssopure.exe"
- '%WINDIR%\syswow64\cmd.exe' /c del "<Full path to file>"