Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Help System] 'ImagePath' = '%WINDIR%\system.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Help System] 'Start' = '00000002'
- %WINDIR%\system.exe
- from <Full path to file> to %TEMP%\18def0
- 'localhost':811
- 'localhost':822
- '11#.#9.149.124':2018
- '42.#1.45.51':1010
- '%WINDIR%\system.exe'