Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a4c4bc7ecf0ff5e7b48f610fcc51ca8c' = '"%WINDIR%\Donuts.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'a4c4bc7ecf0ff5e7b48f610fcc51ca8c' = '"%WINDIR%\Donuts.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\Donuts.exe" "Donuts.exe" ENABLE
- %WINDIR%\donuts.exe
- 'ap#.#rweabo.com':443
- DNS ASK ap#.#rweabo.com
- '%WINDIR%\donuts.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\Donuts.exe" "Donuts.exe" ENABLE (with hidden window)