Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'cissv' = '%APPDATA%\cissv.exe'
- cissv.exe
- %TEMP%\eccentricity\cullers.cct
- %TEMP%\nsad079.tmp\opals.dll
- %APPDATA%\cissv.exe
- %TEMP%\nsa934.tmp\opals.dll
- %TEMP%\nsad079.tmp\opals.dll
- %TEMP%\nsa934.tmp\opals.dll
- '255.255.255.255':9032
- DNS ASK ma##quis.pw
- '%APPDATA%\cissv.exe'
- '%APPDATA%\cissv.exe' ' (with hidden window)