Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'MicrosoftВ® Windows System' = '%HOMEPATH%\M-1-52-5782-8754-5245\winsix.exe'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\M-1-52-5782-8754-5245\winsix.exe' = '%HOMEPATH%\M-1-52-...
- winsix.exe
- %HOMEPATH%\m-1-52-5782-8754-5245\winsix.exe
- %HOMEPATH%\m-1-52-5782-8754-5245\winsix.exe
- DNS ASK pr####afe.mrkva.su
- '%HOMEPATH%\m-1-52-5782-8754-5245\winsix.exe'
- '%HOMEPATH%\m-1-52-5782-8754-5245\winsix.exe' ' (with hidden window)