Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\a0497.exe.exe
- '%WINDIR%\syswow64\net.exe' stop wscsvc
- %TEMP%\ixp000.tmp\.download-server.exe
- %TEMP%\ixp000.tmp\winima81.exe
- '%TEMP%\ixp000.tmp\.download-server.exe'
- '%WINDIR%\syswow64\net.exe' stop wscsvc (with hidden window)
- '%WINDIR%\syswow64\net1.exe' stop wscsvc