Technical Information
- %TEMP%\1.tmp
- %TEMP%\2.tmp
- %TEMP%\3.tmp.js
- '19#.#23.246.227':80
- '<SYSTEM32>\wscript.exe' "%TEMP%\3.tmp.js" 1652865565
- '<SYSTEM32>\cmd.exe' /c del /F /Q "<Full path to file>' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c del /F /Q "<Full path to file>