Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Windows Service' = '%HOMEPATH%\857648585795695\winvsn.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%HOMEPATH%\857648585795695\winvsn.exe' = '%HOMEPATH%\857648585795695\winvsn.exe:*:Enabled:Microsoft Windows Service'
- %HOMEPATH%\857648585795695\winvsn.exe
- %HOMEPATH%\857648585795695\winvsn.exe
- %HOMEPATH%\857648585795695\winvsn.exe
- 'sr##0.in':5050
- DNS ASK sr##0.in
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'HoaVan' WindowName: 'Kristi'
- ClassName: 'Anya' WindowName: 'Chie'