Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TcpIpCfg' = 'Rundll32 "%APPDATA%\ujmwmxi.dll" MainThread'
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\$$Delme1$$.bat"
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\ujmwmxi.dll" MainThread
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyOverride' = '<local>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = ''
- %APPDATA%\ini.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\html[1].txt
- %APPDATA%\HTMLDATA
- %APPDATA%\ujmwmxi.dll
- %APPDATA%\$$Delme1$$.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lib[1].txt
- %APPDATA%\ujmwmxi.dll
- 'www.ya##dd.com':80
- 'localhost':1035
- www.ya##dd.com/html.txt?nj#####
- www.ya##dd.com/lib.txt?ns#####
- DNS ASK www.ya##dd.com
- ClassName: 'Indicator' WindowName: '(null)'