Technical Information
- [<HKLM>\System\CurrentControlSet\Services\KBDIR] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\KBDIR] 'ImagePath' = '"%WINDIR%\SysWOW64\KBDIR\KBDIR.exe"'
- from <Full path to file> to %WINDIR%\syswow64\kbdir\kbdir.exe
- '41.##9.20.147':8090
- '72.##.33.195':8080
- http://72.##.33.195:8080/Qt1Sz20JCNpAnvnH/cG8XWRfRGmcQEg9ege/GOoGfkEFX/ via 72.##.33.195