Technical Information
- [<HKLM>\System\CurrentControlSet\Services\KBDSL1] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\KBDSL1] 'ImagePath' = '"%WINDIR%\SysWOW64\KBDSL1\KBDSL1.exe"'
- from <Full path to file> to %WINDIR%\syswow64\kbdsl1\kbdsl1.exe
- '46.##4.11.172':80
- '22#.#33.46.86':443
- http://22#.##3.46.86:443/Fywy09ybMt6JMM/ via 22#.#33.46.86