A Windows batch file has been discovered that abuses the ssh.exe tool in modern Windows versions to create a backdoor. The script adds a registry entry for persistence and uses SSH to set up a reverse tunnel, allowing remote access. It also downloads and executes a malicious file using a Dev Tunnels URL, a Microsoft feature similar to ngrok. The script disables host key verification and enables local command execution through SSH. While the specific malicious payload (Ghost.exe) is no longer available, it is suspected to be a Remote Access Trojan (RAT). This technique demonstrates the creative misuse of legitimate tools for malicious purposes.