Technical Information
- '<SYSTEM32>\wscript.exe' "%TEMP%\LL2h.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\w5I.vbs"
- '%WINDIR%\explorer.exe' %TEMP%\LL2h.vbs
- '%WINDIR%\explorer.exe' %TEMP%\w5I.vbs
- %TEMP%\ll2h.vbs
- %TEMP%\bwzwi.txt
- %TEMP%\w5i.vbs
- %TEMP%\ll2h.vbs
- %TEMP%\bwzwi.txt
- %TEMP%\w5i.vbs
- http://an#####adrilling.com/wp-keys.php
- DNS ASK an#####adrilling.com
- '%WINDIR%\explorer.exe' %TEMP%\LL2h.vbs' (with hidden window)
- '<SYSTEM32>\wscript.exe' "%TEMP%\LL2h.vbs"' (with hidden window)
- '%WINDIR%\explorer.exe' %TEMP%\w5I.vbs' (with hidden window)
- '<SYSTEM32>\wscript.exe' "%TEMP%\w5I.vbs"' (with hidden window)