Technical Information
- %WINDIR%\syswow64\infdefaultinstall.exe
- %WINDIR%\syswow64\cmd.exe
- <Current directory>\ka0ohelzs7b2.exe
- from <Full path to file> to %TEMP%\ka0ohelzs7b2\....\ka0ohelzs7b2
- 'te##.##sthotel360.com':80
- http://te##.##sthotel360.com/Data/AANNSC2El244SC6SEl161LV41JCCSNON41NLCYL64VCLJlLJV121QNQlJE6SLCQSA4l6O2QVY6VOOCY62AQJAS2N16C4NVLEY6YSENLVCJ6AJl6NJSL6L32303231C4EA38D4C23132C8D53231CAB13433B7D6...
- DNS ASK te##.##sthotel360.com
- '%WINDIR%\syswow64\cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\infdefaultinstall.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\infdefaultinstall.exe'
- '%WINDIR%\syswow64\ipconfig.exe' /flushdns