Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Defghi Klmnopqr Tuv] 'ImagePath' = '%WINDIR%\System.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Defghi Klmnopqr Tuv] 'Start' = '00000002'
- '%WINDIR%\System.exe'
- %WINDIR%\System.exe
- from <Full path to file> to %TEMP%\186edc
- '12#.#2.149.164':8080