Technical Information
- <SYSTEM32>\wintray.vbs
- <SYSTEM32>\wintray.vbs
- 'ww###.#ippyshare.com':443
- DNS ASK ww###.#ippyshare.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-Item "<SYSTEM32>\wintray.vbs" -Stream Zone.Identifier
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\wintray.vbs"
- '<SYSTEM32>\attrib.exe' +H <SYSTEM32>\wintray.vbs' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-Item "<SYSTEM32>\wintray.vbs" -Stream Zone.Identifier' (with hidden window)
- '<SYSTEM32>\wscript.exe' "<SYSTEM32>\wintray.vbs"' (with hidden window)
- '<SYSTEM32>\attrib.exe' +H <SYSTEM32>\wintray.vbs