Technical Information
Modifies file system:
Creates the following files:
- %TEMP%\~DF3C63.tmp
- %TEMP%\~DF3D37.tmp
- %TEMP%\~DF35EF.tmp
- %TEMP%\~DF3C0C.tmp
- %TEMP%\~DF3D8E.tmp
- %ALLUSERSPROFILE%\DRM\DRMv1.bak
- %TEMP%\drmtemp1.htm
- %TEMP%\~DF3E53.tmp
- %ALLUSERSPROFILE%\DRM\DRMv1.key
- %TEMP%\~DFD528.tmp
- %TEMP%\~DF2B19.tmp
- %ALLUSERSPROFILE%\DRM\v2ks.sec
- %ALLUSERSPROFILE%\DRM\v2ks.bla
- %TEMP%\~DF2F2D.tmp
- %TEMP%\~DF30AF.tmp
- %TEMP%\~DF3171.tmp
- %TEMP%\~DF2F84.tmp
- %TEMP%\~DF3058.tmp
Sets the 'hidden' attribute on the following files:
- %ALLUSERSPROFILE%\DRM\DRMv1.key
- %ALLUSERSPROFILE%\DRM\DRMv1.bak
Network activity:
Connects to:
- 'www.ch###-drm.com':80
- 'localhost':1036
TCP:
HTTP POST requests:
- http://www.ch###-drm.com/test.asp?id#############
UDP:
- DNS ASK www.ch###-drm.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''