PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Peritaje de IIV
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.KillProc2.25252

Added to the Dr.Web virus database: 2025-07-10

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\eq7k2xcxt horse yzw1afy nom72kl legs .avi.exe
  • %ProgramFiles%\dvd maker\shared\fac71w2 h93bklf ihthd33 lzxyhb7k .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\jxaglwti 8ok6yf [bangbus] sweet .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\wpjwijv mzwpstr8n w6csjja14n1 girls boobs .mpg.exe
  • %ProgramFiles%\microsoft office\templates\ddqayq yzw1afy l9hwcs7vvnphd9 .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\z9z7rwe ddqayq cum big sm .mpg.exe
  • %ProgramFiles%\windows journal\templates\8ok6yf hot (!) .avi.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\h93bklf epyxwn nrb42wq (sonja).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\jxaglwti ddqayq nom72kl mg9fvb2xk9 (karin,sarah).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\beast sgu4m7oc .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\7nd83wovj ddqayq 7vepaqjm (jade,g6u8n4r).rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\wpjwijv mzwpstr8n epyxwn sgoibhh .avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\wpjwijv ddqayq xxx girls .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\lpcu5ai3 apv53deiq9fw ash .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\horse wep6b08 ihthd33 nmibe2 .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z1qxwcd yzw1afy wep6b08 l9hwcs7vvnphd9 .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\z1qxwcd h93bklf nom72kl vjq39c1gwy boobs rv0y8n .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\bd1l5ir horse nom72kl (cy4xpd,sonja).avi.exe
  • %ALLUSERSPROFILE%\templates\8r3baiec 7nd83wovj sgu4m7oc .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt porn nom72kl nom72kl glans .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\7b6fhxi nude uncut .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\black nude uncut rv0y8n .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\zc8giv9 nom72kl [milf] (c4w8hqa,sarah).mpeg.exe
  • %ALLUSERSPROFILE%\templates\z1qxwcd h93bklf nude bq4kno kfp2yqq .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\7nd83wovj wep6b08 [milf] young (sonja).avi.exe
  • C:\users\default\appdata\local\temp\black tsomq34 uncut boobs .zip.exe
  • C:\users\default\appdata\local\<INETFILES>\fac71w2 wep6b08 uncut lady (sonja).mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\s2fkave w6csjja14n1 8ok6yf epyxwn zmc8ujp .mpeg.exe
  • C:\users\default\templates\z9z7rwe tsomq34 porn bq4kno b37oavmx289 .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\zc8giv9 sperm vjq39c1gwy sgoibhh .mpg.exe
  • %TEMP%\black beast uncut sweet .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\black tsomq34 horse [free] titts sm .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\0287zh horse mzwpstr8n hot (!) b37oavmx289 .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\f07qtt ddqayq hot (!) gsva2xn .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\sperm apv53deiq9fw (dxocjwba,liz).mpeg.exe
  • %APPDATA%\microsoft\templates\asian h93bklf l9hwcs7vvnphd9 zn3tvn .mpg.exe
  • %APPDATA%\microsoft\windows\templates\nude nom72kl ol6p1tua (karin).rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\bd1l5ir bq4kno hole fw58kpr41ob1w .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\z1qxwcd w6csjja14n1 hot (!) ash .mpeg.exe
  • %HOMEPATH%\templates\8r3baiec bd1l5ir epyxwn boobs nmibe2 (sandy).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\xxx 7vepaqjm sm .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\4h1e2a346 w6csjja14n1 [bangbus] qq6w54yfhtqrbwcslg (haj1oyikd,jenna).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\lpcu5ai3 7vepaqjm (2hbt8wr).mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\8ok6yf bd1l5ir hot (!) .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\tsomq34 l9hwcs7vvnphd9 sm (g6u8n4r).zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\viaz50 h93bklf apv53deiq9fw jxqgtp .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\gzn4ud7e xakmpl nude vjq39c1gwy hole balls (jade).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f07qtt nude big (sonja).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\s2fkave mzwpstr8n hot (!) boobs .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\horse [free] glans sgoibhh (sarah).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\xakmpl ihthd33 40+ (jade,dehod0).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\horse lpcu5ai3 girls hotel .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\7b6fhxi cum big shoes .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\7b6fhxi w6csjja14n1 [bangbus] ash nmibe2 (cy4xpd,jenna).mpg.exe
  • %WINDIR%\assembly\temp\beast apv53deiq9fw glans .avi.exe
  • %WINDIR%\assembly\tmp\yzw1afy xakmpl [milf] cock qx2j1b5 (rdl1tfkz).mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\eq7k2xcxt bd1l5ir tsomq34 l9hwcs7vvnphd9 (cy4xpd).mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\xxx vjq39c1gwy .zip.exe
  • %WINDIR%\pla\templates\4h1e2a346 gay cum [milf] mg9fvb2xk9 .zip.exe
  • %WINDIR%\security\templates\z9z7rwe l9hwcs7vvnphd9 .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy girls kfp2yqq wifey .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\z9z7rwe horse cum [bangbus] glans .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\h93bklf nude big .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\wpjwijv sperm w6csjja14n1 apv53deiq9fw .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\lpcu5ai3 l9hwcs7vvnphd9 (dxocjwba).mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\viaz50 yzw1afy sgu4m7oc nrb42wq .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ 7vepaqjm titts 6tl9zg0uqa .mpg.exe
  • %WINDIR%\syswow64\fxstmp\porn w6csjja14n1 girls gsva2xn (cy4xpd).zip.exe
  • %WINDIR%\syswow64\ime\shared\w6csjja14n1 cum epyxwn feet (jenna,36mho73).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\bd1l5ir l9hwcs7vvnphd9 zn3tvn (liz).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 [free] cock .avi.exe
  • %WINDIR%\syswow64\fxstmp\asian h93bklf l9hwcs7vvnphd9 .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\fac71w2 mnho9y54 tsomq34 sgu4m7oc .mpeg.exe
  • %WINDIR%\temp\zc8giv9 cum ddqayq sgu4m7oc (c4w8hqa,dxocjwba).mpeg.exe
  • %WINDIR%\winsxs\installtemp\porn uncut titts rv0y8n (jenna,c4w8hqa).mpg.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\horse sgu4m7oc .zip.exe
  • %ProgramFiles%\dvd maker\shared\upfgetx horse mnho9y54 l9hwcs7vvnphd9 feet .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\f1i7cm xakmpl horse [bangbus] (cy4xpd).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\upfgetx bd1l5ir sperm [bangbus] sgoibhh .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\mzwpstr8n vjq39c1gwy glans (sandy,karin).avi.exe
  • %ProgramFiles%\microsoft office\templates\fac71w2 bd1l5ir beast vjq39c1gwy zn3tvn .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f1i7cm bd1l5ir mzwpstr8n 7vepaqjm titts .mpg.exe
  • %ProgramFiles%\windows journal\templates\yzw1afy vjq39c1gwy (2hbt8wr).rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\f1i7cm nude beast uncut wifey (sonja,2hbt8wr).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\f07qtt wep6b08 lpcu5ai3 l9hwcs7vvnphd9 glans .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\sperm bq4kno (sarah).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\lpcu5ai3 [bangbus] titts 6tl9zg0uqa .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f07qtt 8ok6yf sperm l9hwcs7vvnphd9 hairy (sandy,karin).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black ddqayq vjq39c1gwy glans (sandy,c4w8hqa).zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\tsomq34 epyxwn titts 40+ .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gay sgu4m7oc .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\yzw1afy big hole shoes .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mnho9y54 [milf] young .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave ddqayq sperm uncut titts .rar.exe
  • %ALLUSERSPROFILE%\templates\gay [milf] titts hairy (jade).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\sperm uncut cock .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\fac71w2 8ok6yf mzwpstr8n [free] hotel .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx wep6b08 sperm apv53deiq9fw hole latex (liz).mpg.exe
  • %ALLUSERSPROFILE%\templates\yzw1afy l9hwcs7vvnphd9 zn3tvn .mpeg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\tsomq34 big (dxocjwba).mpg.exe
  • C:\users\default\appdata\local\temp\yzw1afy hot (!) young .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\gzn4ud7e 7nd83wovj ihthd33 ejn547rbxhd1 .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\beast ihthd33 titts .rar.exe
  • C:\users\default\templates\z9z7rwe porn lpcu5ai3 big ash .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\yzw1afy [milf] hole (sonja,karin).mpg.exe
  • %TEMP%\upfgetx ddqayq mnho9y54 uncut titts .rar.exe
  • %LOCALAPPDATA%\<INETFILES>\yzw1afy [milf] gsva2xn .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\tsomq34 [milf] hole .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\f07qtt wep6b08 gay [free] .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\sperm nom72kl hole nrb42wq .mpg.exe
  • %APPDATA%\microsoft\templates\tsomq34 apv53deiq9fw .rar.exe
  • %APPDATA%\microsoft\windows\templates\gzn4ud7e horse mnho9y54 l9hwcs7vvnphd9 titts .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\8r3baiec 7nd83wovj mnho9y54 uncut titts lzxyhb7k .mpg.exe
  • %HOMEPATH%\templates\ uncut titts rv0y8n (cy4xpd).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\ uncut ejn547rbxhd1 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\mzwpstr8n ihthd33 hole (haj1oyikd,jade).mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f07qtt bd1l5ir xxx vjq39c1gwy gh5b6gd7wrv .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\beast [milf] ash .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\black 8ok6yf mnho9y54 ihthd33 titts qx2j1b5 .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\black 8ok6yf nom72kl hole ejn547rbxhd1 (g6u8n4r).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\s2fkave nude mzwpstr8n hot (!) latex .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f1i7cm 7nd83wovj horse girls (2hbt8wr).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black nude horse apv53deiq9fw gh5b6gd7wrv (gina,jade).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\lpcu5ai3 [milf] .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\beast l9hwcs7vvnphd9 titts .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\lpcu5ai3 hot (!) hole 8bgkvshe1 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\gay girls fishy .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\gzn4ud7e 8ok6yf beast uncut feet girly .avi.exe
  • %WINDIR%\assembly\temp\black ddqayq sperm epyxwn hole wifey (2hbt8wr).rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\0287zh nom72kl cock hairy .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\beast uncut cock sm .avi.exe
  • %WINDIR%\pla\templates\tsomq34 7vepaqjm nmibe2 .rar.exe
  • %WINDIR%\security\templates\fac71w2 horse mzwpstr8n epyxwn (jade).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\f1i7cm porn mzwpstr8n uncut rv0y8n .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave 7nd83wovj horse apv53deiq9fw glans shoes .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\tsomq34 girls mg9fvb2xk9 .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx bd1l5ir nom72kl [free] js80j73 .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gzn4ud7e bd1l5ir mnho9y54 epyxwn .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\sperm uncut qq6w54yfhtqrbwcslg .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave 8ok6yf mzwpstr8n [milf] .avi.exe
  • %WINDIR%\syswow64\fxstmp\cum mnho9y54 [bangbus] latex .mpg.exe
  • %WINDIR%\syswow64\ime\shared\f07qtt bd1l5ir mzwpstr8n big (sarah).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\fac71w2 porn yzw1afy big qx2j1b5 .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gay uncut zmc8ujp .rar.exe
  • %WINDIR%\syswow64\fxstmp\mnho9y54 sgu4m7oc feet eigt45 .mpg.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave porn mzwpstr8n vjq39c1gwy 6tl9zg0uqa .zip.exe
  • %WINDIR%\temp\f07qtt cum sperm [milf] ash .avi.exe
  • %WINDIR%\winsxs\installtemp\xakmpl gay hot (!) mg9fvb2xk9 (jenna,cy4xpd).zip.exe
  • %CommonProgramFiles%\microsoft shared\gay hot (!) ash (dehod0).avi.exe
  • %CommonProgramFiles%\microsoft shared\jxaglwti mzwpstr8n uncut cock .avi.exe
  • %ProgramFiles%\dvd maker\shared\upfgetx sperm [bangbus] sweet .zip.exe
  • %ProgramFiles%\dvd maker\shared\wep6b08 [bangbus] kfp2yqq ejn547rbxhd1 .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\7nd83wovj nom72kl cock 50+ .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\wep6b08 nom72kl big 8pfmdyy (liz,sandy).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ddqayq [free] js80j73 .rar.exe
  • %ProgramFiles%\microsoft office\templates\beast ddqayq uncut .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\sperm sgu4m7oc jxqgtp (gina).mpeg.exe
  • %ProgramFiles%\windows journal\templates\beast bq4kno kfp2yqq girly .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\wep6b08 bq4kno js80j73 .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\4h1e2a346 yzw1afy [bangbus] jxqgtp nrb42wq .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\z9z7rwe xxx ddqayq apv53deiq9fw (2hbt8wr).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\7b6fhxi cum uncut (liz).mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\fac71w2 yzw1afy bq4kno qx2j1b5 (g6u8n4r).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\0287zh w6csjja14n1 sgu4m7oc (dxocjwba,cy4xpd).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\viaz50 nom72kl ihthd33 cock .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\yzw1afy bq4kno cock 8pfmdyy .zip.exe
  • %ProgramFiles%\microsoft office\templates\7b6fhxi horse [bangbus] legs gsva2xn (g6u8n4r,sonja).rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\upfgetx xxx hot (!) ash (jade,sonja).rar.exe
  • %ProgramFiles%\windows journal\templates\horse nom72kl (jade).mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\z1qxwcd lpcu5ai3 sperm girls qx2j1b5 (2hbt8wr).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\7nd83wovj lpcu5ai3 vjq39c1gwy (rdl1tfkz).avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\jxaglwti horse uncut shoes .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\viaz50 7nd83wovj epyxwn .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\mzwpstr8n uncut 40+ (haj1oyikd,cy4xpd).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\jxaglwti beast vjq39c1gwy 8bgkvshe1 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\ apv53deiq9fw boobs sgoibhh .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8ok6yf sgu4m7oc 8pfmdyy .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\7nd83wovj 7vepaqjm kfp2yqq .mpg.exe
  • %ALLUSERSPROFILE%\templates\tsomq34 xakmpl nom72kl balls .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\sperm vjq39c1gwy ash .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt nude bq4kno jxqgtp .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\4h1e2a346 lpcu5ai3 apv53deiq9fw ol6p1tua .rar.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gzn4ud7e tsomq34 sgu4m7oc wifey .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\black w6csjja14n1 apv53deiq9fw eigt45 (c4w8hqa).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\black horse 7nd83wovj girls ejn547rbxhd1 .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ikdyfwhy yzw1afy horse l9hwcs7vvnphd9 .avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\ikdyfwhy mnho9y54 nom72kl young .avi.exe
  • %ALLUSERSPROFILE%\templates\black nude epyxwn sweet .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\jxaglwti porn bq4kno hotel .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\ikdyfwhy sperm bq4kno .zip.exe
  • C:\users\default\appdata\local\temp\f07qtt yzw1afy epyxwn qx2j1b5 (sonja).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\wep6b08 girls .avi.exe
  • C:\users\default\appdata\local\<INETFILES>\z9z7rwe yzw1afy lpcu5ai3 ihthd33 6tl9zg0uqa .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\eq7k2xcxt beast wep6b08 [bangbus] (karin).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\sperm nom72kl uncut (2hbt8wr,haj1oyikd).rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\porn [free] balls (c4w8hqa).rar.exe
  • C:\users\default\templates\lpcu5ai3 gay uncut hole (sonja).mpeg.exe
  • %ALLUSERSPROFILE%\templates\lpcu5ai3 horse [free] legs .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt nom72kl ddqayq vjq39c1gwy lzxyhb7k (rdl1tfkz).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\fac71w2 7nd83wovj epyxwn zn3tvn .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\fac71w2 mzwpstr8n 8ok6yf vjq39c1gwy (gina,liz).avi.exe
  • %TEMP%\ikdyfwhy wep6b08 mnho9y54 sgu4m7oc .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\fac71w2 mnho9y54 h93bklf ihthd33 zmc8ujp .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\beast [bangbus] .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\fac71w2 w6csjja14n1 gay apv53deiq9fw girly .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\fac71w2 gay bq4kno feet qq6w54yfhtqrbwcslg (dehod0,liz).avi.exe
  • %APPDATA%\microsoft\templates\horse cum [free] 6tl9zg0uqa .zip.exe
  • %APPDATA%\microsoft\windows\templates\ikdyfwhy uncut 779mipj .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\nude xxx big 6tl9zg0uqa (rdl1tfkz).rar.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\8r3baiec beast [free] fw58kpr41ob1w .zip.exe
  • %HOMEPATH%\templates\wpjwijv wep6b08 l9hwcs7vvnphd9 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\8r3baiec tsomq34 nom72kl (sandy,jade).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\porn apv53deiq9fw qq6w54yfhtqrbwcslg .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\w6csjja14n1 girls cock .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ 7vepaqjm js80j73 (dxocjwba,liz).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8ok6yf h93bklf epyxwn shoes .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8ok6yf porn epyxwn kfp2yqq .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\bd1l5ir lpcu5ai3 big zn3tvn .avi.exe
  • %ALLUSERSPROFILE%\templates\wpjwijv h93bklf sgu4m7oc titts (rdl1tfkz,y8oxsqa).mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\wep6b08 horse epyxwn .mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\upfgetx 7nd83wovj bq4kno hotel .rar.exe
  • C:\users\default\appdata\local\temp\mnho9y54 epyxwn .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\upfgetx lpcu5ai3 tsomq34 sgu4m7oc js80j73 (36mho73).avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\tsomq34 [free] .rar.exe
  • C:\users\default\templates\ikdyfwhy yzw1afy sgu4m7oc jxqgtp .avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\w6csjja14n1 cum apv53deiq9fw sweet (sarah).rar.exe
  • %TEMP%\8r3baiec 7nd83wovj uncut ash fw58kpr41ob1w .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\beast big hairy .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\4h1e2a346 horse apv53deiq9fw ae2sd7u4xh (c4w8hqa).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\f07qtt w6csjja14n1 uncut glans fishy (y8oxsqa,sonja).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\black xakmpl bd1l5ir uncut .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\fac71w2 nude bq4kno balls .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\wpjwijv sperm [free] hotel .avi.exe
  • %APPDATA%\microsoft\templates\8r3baiec vjq39c1gwy young (36mho73).avi.exe
  • %APPDATA%\microsoft\windows\templates\cum 7vepaqjm (cy4xpd).mpg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\z1qxwcd ddqayq mzwpstr8n epyxwn (y8oxsqa,dehod0).zip.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\s2fkave horse uncut kfp2yqq (2hbt8wr).zip.exe
  • %HOMEPATH%\templates\mzwpstr8n ddqayq l9hwcs7vvnphd9 cock .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\h93bklf cum uncut qx2j1b5 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\wpjwijv w6csjja14n1 apv53deiq9fw glans .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zc8giv9 h93bklf yzw1afy [milf] 779mipj (dxocjwba,y8oxsqa).mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\s2fkave sperm big lzxyhb7k .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\asian nude horse [free] jxqgtp gsva2xn .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\ xakmpl uncut (liz,c4w8hqa).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\8r3baiec cum horse bq4kno glans 779mipj .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\upfgetx tsomq34 bq4kno (dehod0,hyo87il).avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\upfgetx ddqayq hot (!) 50+ .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f1i7cm horse xxx hot (!) hole young .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\gay lpcu5ai3 [milf] hairy (sonja,cy4xpd).mpeg.exe
  • %WINDIR%\assembly\temp\nude epyxwn .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\asian bd1l5ir beast epyxwn 8pfmdyy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\8r3baiec mnho9y54 nom72kl .rar.exe
  • %WINDIR%\assembly\tmp\eq7k2xcxt mzwpstr8n bd1l5ir 7vepaqjm hairy .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z1qxwcd wep6b08 [milf] .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\yzw1afy [milf] eigt45 (sonja).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\zc8giv9 nom72kl uncut cock boots (sandy).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\bd1l5ir 7vepaqjm eigt45 (dehod0).mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\ikdyfwhy 7nd83wovj nom72kl legs zn3tvn (dehod0).mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\mzwpstr8n 7nd83wovj [bangbus] .mpg.exe
  • %WINDIR%\assembly\temp\jxaglwti apv53deiq9fw fw58kpr41ob1w .zip.exe
  • %WINDIR%\assembly\tmp\nom72kl vjq39c1gwy nrb42wq .avi.exe
  • %WINDIR%\pla\templates\cum bq4kno lady (rdl1tfkz).zip.exe
  • %WINDIR%\security\templates\fac71w2 mzwpstr8n [free] kfp2yqq lzxyhb7k (liz,karin).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\asian 8ok6yf [bangbus] .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt mnho9y54 nom72kl hole ae2sd7u4xh .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\tsomq34 big boobs girly .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\nude gay vjq39c1gwy .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\7b6fhxi horse xxx 7vepaqjm sgoibhh .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\asian xakmpl big shoes .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\ikdyfwhy cum 7vepaqjm (gina,y8oxsqa).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\cum porn nom72kl glans mg9fvb2xk9 .zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\ikdyfwhy xakmpl [free] eigt45 .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\h93bklf yzw1afy hot (!) qq6w54yfhtqrbwcslg .avi.exe
  • %WINDIR%\pla\templates\7b6fhxi horse mzwpstr8n vjq39c1gwy .zip.exe
  • %WINDIR%\security\templates\horse nude vjq39c1gwy fw58kpr41ob1w (g6u8n4r,36mho73).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\nude 7nd83wovj [bangbus] jxqgtp ae2sd7u4xh .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\gay beast bq4kno .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\8r3baiec yzw1afy [milf] jxqgtp shoes (sonja,c4w8hqa).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\z1qxwcd h93bklf mzwpstr8n ihthd33 titts .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\ikdyfwhy ddqayq [free] (sonja).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\7nd83wovj lpcu5ai3 uncut .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm 8ok6yf l9hwcs7vvnphd9 js80j73 .mpg.exe
  • %WINDIR%\syswow64\fxstmp\f07qtt bd1l5ir girls js80j73 (hyo87il,jade).rar.exe
  • %WINDIR%\syswow64\fxstmp\4h1e2a346 nude h93bklf 7vepaqjm (liz).mpg.exe
  • %WINDIR%\syswow64\ime\shared\f1i7cm tsomq34 gay epyxwn ejn547rbxhd1 (cy4xpd,dxocjwba).zip.exe
  • %WINDIR%\syswow64\ime\shared\nom72kl nude big ash .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\z9z7rwe porn 7nd83wovj hot (!) jxqgtp shoes (karin,2hbt8wr).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\asian lpcu5ai3 bd1l5ir sgu4m7oc gh5b6gd7wrv .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\jxaglwti h93bklf 8ok6yf girls .zip.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx xakmpl horse vjq39c1gwy 779mipj .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\viaz50 gay ihthd33 .rar.exe
  • %WINDIR%\syswow64\ime\shared\sperm porn big hole mg9fvb2xk9 .zip.exe
  • %WINDIR%\syswow64\ime\shared\ikdyfwhy 7nd83wovj tsomq34 7vepaqjm boobs 779mipj .avi.exe
  • %WINDIR%\temp\f07qtt 7nd83wovj hot (!) titts boots (liz,dehod0).mpg.exe
  • %WINDIR%\winsxs\installtemp\jxaglwti beast 7nd83wovj hot (!) hairy .avi.exe
  • %WINDIR%\winsxs\installtemp\z9z7rwe sperm beast bq4kno hole 50+ (dxocjwba,rdl1tfkz).mpeg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play