Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\rundll32\rundll32.exe
- %APPDATA%\app
- %TEMP%\server.exe
- 'ca###.anondns.net':80
- http://ca###.anondns.net/loader/uploads/Hypervpn_Zxdlfavq.bmp
- DNS ASK ca###.anondns.net
- '%TEMP%\server.exe'
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 1
- '%WINDIR%\syswow64\timeout.exe' /t 1
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20
- '%WINDIR%\syswow64\timeout.exe' 20