Technical Information
- <Current directory>\wyoo5l9kn0e7.exe
- <Current directory>\config.ini
- from <Full path to file> to %TEMP%\wyoo5l9kn0e7\....\wyoo5l9kn0e7
- 'te##.##sthotel360.com':80
- 'ht##.##sthotel360.com':80
- http://te##.##sthotel360.com/001/puppet.Txt?39####
- http://te##.##sthotel360.com/Data/8HRKKWTRHZ0KTGZTMDMRKHUFRFUXZUHXXUZ0GKRMT0ZZ8FHDFZ0FZRH8FWHRKTHBFKHGZ0WMXXGMHWM08G0WXRT8HXB8ZBFD000BKF0FWGWRHZMW32303231C4EA39D4C234C8D533CAB13530B7D63135C3EB....
- http://te##.##sthotel360.com/001/Tips.txt?40####
- DNS ASK te##.##sthotel360.com
- DNS ASK ht##.##sthotel360.com
- ClassName: 'Progman' WindowName: 'Program Manager'
- ClassName: 'CrossFire' WindowName: ''
- '%WINDIR%\syswow64\ipconfig.exe' /flushdns