Technical Information
- %TEMP%\d7577e0997d836b151f3483fab3ac524.exe
- %TEMP%\d2bee85864ffeadc3e4c8768ccefd963.vbs
- <Full path to file>
- 'ge##ekt.xyz':80
- http://ge##ekt.xyz/api/update.php
- DNS ASK ge##ekt.xyz
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\D2BEE85864FFEADC3E4C8768CCEFD963.vbs"