Technical Information (file paths under %WINDIR%\Temp, followed by command lines that invoke binaries in <SYSTEM32>)
- %WINDIR%\Temp\new.bat
- %WINDIR%\Temp\up.bat
- %WINDIR%\Temp\curl.exe
- %WINDIR%\Temp\win32shell.bat
- file transfer recorded from %WINDIR%\Temp\new.bat to %WINDIR%\Temp\win32shell.bat (the listing does not say whether this is a move or a copy)
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\up.bat" "
- '<SYSTEM32>\attrib.exe' -s -h -r win32shell.bat
- '<SYSTEM32>\attrib.exe' -s -h -r download.exe
- '<SYSTEM32>\ping.exe' 127.0.0.1
- '<SYSTEM32>\attrib.exe' +s +h +r win32shell.bat