Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '8c0639f8bb945d204f6da942d18b93f4' = '"%APPDATA%\pokastopy.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '8c0639f8bb945d204f6da942d18b93f4' = '"%APPDATA%\pokastopy.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\pokastopy.exe" "pokastopy.exe" ENABLE
- %TEMP%\taskmgr.exe
- %TEMP%\toosoon.jpg
- %TEMP%\lmiktqy
- %APPDATA%\pokastopy.exe
- '79.##0.52.61':1604
- '%TEMP%\taskmgr.exe'
- '%APPDATA%\pokastopy.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\pokastopy.exe" "pokastopy.exe" ENABLE' (with hidden window)