Technical Information
- %WINDIR%\tasks\ciseoa.job
- <SYSTEM32>\tasks\ciseoa
- %ALLUSERSPROFILE%\dvoib\ciseoa.exe
- 'ap#.#pify.org':443
- 'ip#.#eeip.org':443
- '86.#9.21.38':80
- '13#.#88.40.189':80
- '91.##3.81.212':80
- '18#.#7.101.81':8080
- '12#.31.0.34':9131
- '13#.#22.2.81':443
- '17#.#05.242.117':80
- 'ap#.#pify.org':443
- 'ip#.#eeip.org':443
- '91.##3.81.212':80
- '13#.#22.2.81':443
- DNS ASK de###coma.com
- DNS ASK de###coma.xyz
- DNS ASK ap#.#pify.org
- DNS ASK ip#.#eeip.org
- '%ALLUSERSPROFILE%\dvoib\ciseoa.exe' start
- '%ALLUSERSPROFILE%\dvoib\ciseoa.exe' start' (with hidden window)