Technical Information
- [<HKLM>\System\CurrentControlSet\Services\KBDTAJIK] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\KBDTAJIK] 'ImagePath' = '"%WINDIR%\SysWOW64\KBDTAJIK\KBDTAJIK.exe"'
- from <Full path to file> to %WINDIR%\syswow64\kbdtajik\kbdtajik.exe
- '12#.#51.194.117':80
- http://12#.#51.194.117/twy2Khjj1/78ufZyJ1ohtjJ/9G39yu9thlnYzG/e2hu7L/T6z7ViGr/j97M4z1Qq/