"Recently, attackers have introduced Python script execution alongside these techniques ... to download an HTML Application (HTA) file ("cookienetbookinetcahce.hta") from a remote server ("192.3.220[.