Technical Information
- '19#.#88.203.36':80
- http://19#.#88.203.36/session_3rjxwugEIytHWusY123
- '%WINDIR%\syswow64\cmd.exe' /c timeout 5 && del <Full path to file>' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C PowerShell "Start-Sleep 5; Remove-Item <Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 5 && del <Full path to file>
- '%WINDIR%\syswow64\cmd.exe' /C PowerShell "Start-Sleep 5; Remove-Item <Full path to file>"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Start-Sleep 5; Remove-Item <Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5