Technical Information
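- Autorun persistence: the same value 'ykqdx' is written to the Run key in both the per-user and the machine-wide hive, so '%WINDIR%\smss.exe' is launched at logon. The genuine Windows Session Manager (smss.exe) resides in <SYSTEM32>, so a file of that name directly under %WINDIR% is itself an indicator.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ykqdx' = '%WINDIR%\smss.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ykqdx' = '%WINDIR%\smss.exe'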
- <SYSTEM32>\cmd.exe
- %WINDIR%\smss.exe
- <Full path to file>
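- '36.##5.193.132':8888 (network endpoint on port 8888; the '#' characters appear to be masking applied by the report, not part of the address)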
- '%WINDIR%\smss.exe'
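- '<SYSTEM32>\cmd.exe' /c ping 1.1.1.1 -n 1 -w 1000 & del "<Full path to file>"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 1000
- Note on the two commands above: the single ping with a 1000 ms timeout acts as a short delay, after which `del` removes the file at <Full path to file> (presumably the originally executed sample). The ping.exe entry is the child process spawned by that cmd.exe command line. A `cmd.exe /c ping ... & del` sequence in process-creation logs is a self-deletion pattern worth alerting on.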
- '<SYSTEM32>\cmd.exe'