Launching a JavaScript file directly from a ZIP.
It contacts a Command and Control (C2) server to download a "next-stage" payload. 0j7RXAG85Db5cpHfNCWF.zip
If the file has not been opened, delete it and clear the browser cache.
Check for scheduled tasks or registry keys pointing to wscript.exe or cscript.exe.
Immediately disconnect the affected machine from the network.
Ensure your EDR (Endpoint Detection and Response) is set to block unsigned script execution.
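One way to carry out the scheduled-task and registry check above on a Windows host, as an added example that is not part of the original page. The page does not say which registry keys to inspect; the Run and RunOnce autorun keys used here are an assumption, chosen because they are common locations for commands that start at logon.

```powershell
# Added example: list persistence entries that launch Windows Script Host.
# Run from an elevated PowerShell prompt so all scheduled tasks are visible.
$pattern = '\b(wscript|cscript)(\.exe)?\b'   # -match is case-insensitive

# Scheduled tasks whose action runs, or passes as an argument, wscript/cscript.
$taskHits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; other action types yield
        # an empty string here and never match.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $pattern) {
            [pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = "$($task.TaskPath)$($task.TaskName)"
                Command = $cmd.Trim()
            }
        }
    }
}

# Assumption: these autorun keys are the ones worth checking first; the page
# does not name specific keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$regHits = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match $pattern) {
            [pscustomobject]@{ Source = $key; Name = $valueName; Command = $data }
        }
    }
}

# Show every hit with its full command line for manual review.
@($taskHits) + @($regHits) | Format-List
```

The HKCU paths cover only the account running the script, so run it in the affected user's session as well. Some legitimate software uses the script hosts, so review each hit's command line before removing anything.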