Technical Information
- %TEMP%\d775ddc11d63c4ef880653d4ad4ce1d6.exe
- %TEMP%\d3c0c33c78c052b58fd6c2fdfd749e3c.vbs
- %TEMP%\d775ddc11d63c4ef880653d4ad4ce1d6.exe
- %TEMP%\d3c0c33c78c052b58fd6c2fdfd749e3c.vbs
- <Full path to file>
- 'ge##ekt.xyz':80
- http://ge##ekt.xyz/api/update.php
- DNS ASK ge##ekt.xyz
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\D3C0C33C78C052B58FD6C2FDFD749E3C.vbs"