Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fa53ccd7087b2ccf968c98f83e85845e' = '"%WINDIR%\DJ-HacKeR.ExE" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'fa53ccd7087b2ccf968c98f83e85845e' = '"%WINDIR%\DJ-HacKeR.ExE" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\fa53ccd7087b2ccf968c98f83e85845e.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\DJ-HacKeR.ExE" "DJ-HacKeR.ExE" ENABLE
- %WINDIR%\dj-hacker.exe
- 'xt######thackr.no-ip.biz':5552
- DNS ASK xt######thackr.no-ip.biz
- '%WINDIR%\dj-hacker.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\DJ-HacKeR.ExE" "DJ-HacKeR.ExE" ENABLE' (with hidden window)