Technical Information
- %TEMP%\0b623d14bd95756ebcf44a0c3e0cbe18.exe
- %TEMP%\4555b16ab24b7b3513c3ba3a0b3d3c5f.vbs
- %TEMP%\0b623d14bd95756ebcf44a0c3e0cbe18.exe
- %TEMP%\4555b16ab24b7b3513c3ba3a0b3d3c5f.vbs
- <Full path to file>
- 'ge##ekt.xyz':80
- http://ge##ekt.xyz/api/update.php
- DNS ASK ge##ekt.xyz
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\4555B16AB24B7B3513C3BA3A0B3D3C5F.vbs"