Technical Information
- %APPDATA%\tininiw\wininit.exe
- %TEMP%\b7b2dad25284.cmd
- nul
- %TEMP%\b7b2dad25284.cmd
- http://he####onichan.us/gate.php?ct##
- DNS ASK microsoft.com
- DNS ASK he####onichan.us
- '%APPDATA%\tininiw\wininit.exe' 0
- '%APPDATA%\tininiw\wininit.exe' 0' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\B7B2DAD25284.cmd" 0"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\B7B2DAD25284.cmd" 0"
- '%WINDIR%\syswow64\ping.exe' -n 4 127.0.0.1