Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\integraphicsdriverupdate.vbs
- C:\users\public\0.ps1
- 'pa##e.ee':443
- '18#.#1.157.117':7776
- http://18#.##.157.117:7776/Vre via 18#.#1.157.117
- 'pa##e.ee':443
- DNS ASK pa##e.ee
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy RemoteSigned -File C:\Users\Public\0.PS1