Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '<SYSTEM32>\explore.exe' = '<SYSTEM32>\explore.exe'
- [<HKLM>\Software\Classes\txtfile\shell\open\command] '' = '%WINDIR%\SysWow64\explore.exe'
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- %WINDIR%\syswow64\explore.exe
- <Full path to file>hacked.jpg
- 'ut###ogs.com':80
- http://ut###ogs.com/wp-content/uploads/2015/01/hacked.jpg
- DNS ASK ut###ogs.com