Technical Information
- %TEMP%\72a79960a8972e7c1829ab5039a333c8.exe
- %TEMP%\d81bd2bb3b4fa3d569da5bde30bfec90.vbs
- %TEMP%\72a79960a8972e7c1829ab5039a333c8.exe
- %TEMP%\d81bd2bb3b4fa3d569da5bde30bfec90.vbs
- <Full path to file>
- 'ge##ekt.xyz':80
- http://ge##ekt.xyz/api/update.php
- DNS ASK ge##ekt.xyz
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\D81BD2BB3B4FA3D569DA5BDE30BFEC90.vbs"