Technical Information
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new
- <LS_APPDATA>\ApplicationHistory\<Virus name>.exe.bf81a5f0.ini
- %ALLUSERSPROFILE%\DRM\v2ks.sec
- %ALLUSERSPROFILE%\DRM\v2ks.bla
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2868.136187
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2868.136109
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.2868.136187
- from %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch to %WINDIR%\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.2868.136109
- 'ke###.##censekeyserver.com':443
- DNS ASK ke###.##censekeyserver.com