Technical Information
- %TEMP%\e94f009fe576959ec68a64daf6431165.exe
- %TEMP%\8a44b3655685afea6bc485882ed83c8f.vbs
- <Full path to file>
- 'ge##ekt.xyz':80
- http://ge##ekt.xyz/api/update.php
- DNS ASK ge##ekt.xyz
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\8A44B3655685AFEA6BC485882ED83C8F.vbs"