Win32.HLLW.Autoruner3.2461
Added to the Dr.Web virus database:
2020-08-01
Description added:
2020-08-02
Technical Information
To ensure autorun and distribution
Creates the following files on removable media
<Drive name for removable media>:\dblue3.lnk
<Drive name for removable media>:\kblue6.lnk
<Drive name for removable media>:\jblue6.lnk
<Drive name for removable media>:\iblue6.lnk
<Drive name for removable media>:\hblue6.lnk
<Drive name for removable media>:\gblue6.lnk
<Drive name for removable media>:\fblue6.lnk
<Drive name for removable media>:\eblue6.lnk
<Drive name for removable media>:\blue6.bin
<Drive name for removable media>:\dblue6.lnk
<Drive name for removable media>:\kblue3.lnk
<Drive name for removable media>:\jblue3.lnk
<Drive name for removable media>:\iblue3.lnk
<Drive name for removable media>:\hblue3.lnk
<Drive name for removable media>:\gblue3.lnk
<Drive name for removable media>:\fblue3.lnk
<Drive name for removable media>:\eblue3.lnk
<Drive name for removable media>:\blue3.bin
<Drive name for removable media>:\readme.js
Modifies file system
Creates the following files
%TEMP%\s6kr8ihi.0.cs
%TEMP%\res1e3f.tmp
%TEMP%\csc1e1f.tmp
%TEMP%\pyyiezg6.out
%TEMP%\pyyiezg6.cmdline
%TEMP%\pyyiezg6.0.cs
%TEMP%\xbhqrqjt.dll
%TEMP%\res174a.tmp
%TEMP%\csc171a.tmp
%TEMP%\xbhqrqjt.out
%TEMP%\xbhqrqjt.cmdline
%TEMP%\pyyiezg6.dll
%TEMP%\xbhqrqjt.0.cs
%TEMP%\resfe15.tmp
%TEMP%\cscfe04.tmp
%TEMP%\_c3j4zk5.out
%TEMP%\_c3j4zk5.cmdline
%TEMP%\_c3j4zk5.0.cs
%TEMP%\s6kr8ihi.dll
%TEMP%\resf9fe.tmp
%TEMP%\cscf9ed.tmp
%TEMP%\s6kr8ihi.out
%TEMP%\s6kr8ihi.cmdline
%TEMP%\_c3j4zk5.dll
%TEMP%\mimi.dat
Deletes the following files
%TEMP%\resf9fe.tmp
%TEMP%\pyyiezg6.cmdline
%TEMP%\pyyiezg6.0.cs
%TEMP%\pyyiezg6.out
%TEMP%\csc1e1f.tmp
%TEMP%\res1e3f.tmp
%TEMP%\xbhqrqjt.0.cs
%TEMP%\xbhqrqjt.pdb
%TEMP%\xbhqrqjt.cmdline
%TEMP%\xbhqrqjt.out
%TEMP%\xbhqrqjt.dll
%TEMP%\csc171a.tmp
%TEMP%\res174a.tmp
%TEMP%\_c3j4zk5.cmdline
%TEMP%\_c3j4zk5.0.cs
%TEMP%\_c3j4zk5.out
%TEMP%\_c3j4zk5.dll
%TEMP%\_c3j4zk5.pdb
%TEMP%\cscfe04.tmp
%TEMP%\resfe15.tmp
%TEMP%\s6kr8ihi.cmdline
%TEMP%\s6kr8ihi.pdb
%TEMP%\s6kr8ihi.dll
%TEMP%\s6kr8ihi.out
%TEMP%\s6kr8ihi.0.cs
%TEMP%\cscf9ed.tmp
%TEMP%\pyyiezg6.pdb
%TEMP%\pyyiezg6.dll
Network activity
TCP
HTTP GET requests
http://d.##kng.com/mimi.dat?v=####
UDP
Miscellaneous
Creates and executes the following
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\s6kr8ihi.cmdline" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF9FE.tmp" "%TEMP%\CSCF9ED.tmp" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\_c3j4zk5.cmdline" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFE15.tmp" "%TEMP%\CSCFE04.tmp" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\xbhqrqjt.cmdline" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES174A.tmp" "%TEMP%\CSC171A.tmp" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\pyyiezg6.cmdline" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1E3F.tmp" "%TEMP%\CSC1E1F.tmp" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\umq0atdb.cmdline" (with hidden window)
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES12F0.tmp" "%TEMP%\CSC12D0.tmp" (with hidden window)
Executes the following
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\s6kr8ihi.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF9FE.tmp" "%TEMP%\CSCF9ED.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\_c3j4zk5.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFE15.tmp" "%TEMP%\CSCFE04.tmp"
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -s -NoLogo -NoProfile
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\xbhqrqjt.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES174A.tmp" "%TEMP%\CSC171A.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\pyyiezg6.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES1E3F.tmp" "%TEMP%\CSC1E1F.tmp"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\umq0atdb.cmdline"
'%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES12F0.tmp" "%TEMP%\CSC12D0.tmp"
'<SYSTEM32>\ipconfig.exe' /all
'<SYSTEM32>\ipconfig.exe' /displaydns
'<SYSTEM32>\netstat.exe' -ano