PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Peritaje de IIV
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.KillProc2.25399

Added to the Dr.Web virus database: 2025-07-10

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\viaz50 yzw1afy nude l9hwcs7vvnphd9 cock lzxyhb7k .zip.exe
  • %ProgramFiles%\dvd maker\shared\tsomq34 tsomq34 big glans ae2sd7u4xh (sonja).mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\xxx apv53deiq9fw (dxocjwba,y8oxsqa).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\ikdyfwhy wep6b08 uncut hole (jenna,c4w8hqa).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\black yzw1afy horse sgu4m7oc b37oavmx289 .mpg.exe
  • %ProgramFiles%\microsoft office\templates\z1qxwcd tsomq34 ihthd33 nmibe2 .mpeg.exe
  • %ProgramFiles%\windows journal\templates\beast ihthd33 kfp2yqq 8bgkvshe1 .mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\fac71w2 wep6b08 vjq39c1gwy wifey .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\zc8giv9 h93bklf 8ok6yf [milf] girly (haj1oyikd).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\bd1l5ir sgu4m7oc shoes .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\sperm uncut .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\viaz50 cum wep6b08 hot (!) .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\w6csjja14n1 nom72kl nom72kl (gina,sarah).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\gzn4ud7e 8ok6yf ihthd33 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\ddqayq bq4kno .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\cum horse ihthd33 glans hotel .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec h93bklf yzw1afy [milf] .zip.exe
  • %ALLUSERSPROFILE%\templates\nom72kl xakmpl uncut latex .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt bd1l5ir yzw1afy [bangbus] .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\tsomq34 vjq39c1gwy 8bgkvshe1 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx 7nd83wovj wep6b08 [milf] cock 40+ .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\0287zh xakmpl [free] .mpeg.exe
  • %ALLUSERSPROFILE%\templates\zc8giv9 beast yzw1afy ihthd33 shoes (sonja).rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 xakmpl hot (!) glans .rar.exe
  • C:\users\default\appdata\local\temp\beast uncut titts gh5b6gd7wrv .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\7nd83wovj l9hwcs7vvnphd9 .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\yzw1afy apv53deiq9fw zmc8ujp (sandy,dehod0).mpeg.exe
  • C:\users\default\templates\xxx big kfp2yqq qx2j1b5 .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\f07qtt nude xakmpl hot (!) .avi.exe
  • %TEMP%\eq7k2xcxt mzwpstr8n 7nd83wovj big gh5b6gd7wrv .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\f1i7cm tsomq34 apv53deiq9fw boots .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\porn tsomq34 [milf] hairy .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\0287zh bd1l5ir wep6b08 uncut lady .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\lpcu5ai3 nom72kl [bangbus] boobs .avi.exe
  • %APPDATA%\microsoft\templates\nude cum epyxwn zmc8ujp .mpg.exe
  • %APPDATA%\microsoft\windows\templates\ nude big legs .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\zc8giv9 xxx xxx ihthd33 glans sweet .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\mnho9y54 porn nom72kl feet wifey .mpg.exe
  • %HOMEPATH%\templates\7nd83wovj wep6b08 [milf] lzxyhb7k .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\8r3baiec horse 8ok6yf [milf] .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\horse lpcu5ai3 bq4kno zn3tvn (g6u8n4r,2hbt8wr).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\ddqayq porn [milf] zmc8ujp (hyo87il).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 nom72kl girls fishy .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\horse bq4kno cock .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\tsomq34 nom72kl hot (!) legs qx2j1b5 (sarah).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f1i7cm horse vjq39c1gwy ash rv0y8n .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\8r3baiec [free] jxqgtp zn3tvn .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\7b6fhxi h93bklf h93bklf hot (!) legs .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\lpcu5ai3 xakmpl vjq39c1gwy wifey .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f1i7cm mnho9y54 apv53deiq9fw .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\ikdyfwhy h93bklf apv53deiq9fw .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\4h1e2a346 tsomq34 tsomq34 l9hwcs7vvnphd9 lady .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\asian ddqayq nom72kl boots .mpeg.exe
  • %WINDIR%\assembly\temp\xxx wep6b08 uncut hole wifey .zip.exe
  • %WINDIR%\assembly\tmp\8r3baiec cum [free] zmc8ujp .avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\asian hot (!) rv0y8n (jade,sonja).rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\eq7k2xcxt h93bklf lpcu5ai3 7vepaqjm 8bgkvshe1 .avi.exe
  • %WINDIR%\pla\templates\bd1l5ir ihthd33 glans js80j73 .zip.exe
  • %WINDIR%\security\templates\upfgetx tsomq34 l9hwcs7vvnphd9 glans 8bgkvshe1 (g6u8n4r,dehod0).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e h93bklf bq4kno ash .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\porn big .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\f07qtt gay horse sgu4m7oc ae2sd7u4xh .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\8r3baiec cum uncut .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\0287zh lpcu5ai3 sgu4m7oc 779mipj .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\0287zh horse porn nom72kl .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\gzn4ud7e sperm bq4kno .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\cum xxx epyxwn 8bgkvshe1 (36mho73,36mho73).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\black horse xxx epyxwn (rdl1tfkz,haj1oyikd).mpg.exe
  • %WINDIR%\syswow64\ime\shared\beast bq4kno boobs .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\nom72kl h93bklf vjq39c1gwy titts (karin,hyo87il).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\zc8giv9 horse nom72kl glans (c4w8hqa).mpg.exe
  • %WINDIR%\syswow64\fxstmp\ikdyfwhy mnho9y54 uncut gh5b6gd7wrv .rar.exe
  • %WINDIR%\syswow64\ime\shared\4h1e2a346 h93bklf apv53deiq9fw .mpeg.exe
  • %WINDIR%\temp\ikdyfwhy tsomq34 wep6b08 ihthd33 ash sm .mpg.exe
  • %WINDIR%\winsxs\installtemp\wpjwijv 8ok6yf uncut titts b37oavmx289 (dxocjwba).avi.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\f07qtt cum sperm girls glans .avi.exe
  • %CommonProgramFiles%\microsoft shared\s2fkave nude sperm uncut cock .mpg.exe
  • %ProgramFiles%\dvd maker\shared\gzn4ud7e nude mzwpstr8n hot (!) ae2sd7u4xh .avi.exe
  • %ProgramFiles%\dvd maker\shared\eq7k2xcxt wep6b08 ihthd33 .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\sperm girls mg9fvb2xk9 .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\s2fkave wep6b08 lpcu5ai3 uncut .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\yzw1afy 7vepaqjm ae2sd7u4xh .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\sperm vjq39c1gwy .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\gay sgu4m7oc .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\mzwpstr8n uncut glans lady .mpg.exe
  • %ProgramFiles%\microsoft office\templates\f07qtt w6csjja14n1 horse big 40+ .mpg.exe
  • %ProgramFiles%\microsoft office\templates\z9z7rwe w6csjja14n1 lpcu5ai3 vjq39c1gwy balls .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\ girls (cy4xpd).mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\mnho9y54 vjq39c1gwy 6tl9zg0uqa .zip.exe
  • %ProgramFiles%\windows journal\templates\z9z7rwe xakmpl sperm big young .mpg.exe
  • %ProgramFiles%\windows journal\templates\f1i7cm ddqayq gay uncut wifey .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\sperm bq4kno (g6u8n4r).rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\upfgetx h93bklf horse vjq39c1gwy .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\8r3baiec w6csjja14n1 yzw1afy l9hwcs7vvnphd9 glans ash .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\ hot (!) hotel .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\mzwpstr8n [bangbus] (g6u8n4r).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\8r3baiec wep6b08 mzwpstr8n 7vepaqjm boots (sonja,jade).zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gay [bangbus] titts .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\yzw1afy epyxwn zmc8ujp .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\z9z7rwe 7nd83wovj lpcu5ai3 apv53deiq9fw feet (hyo87il,cy4xpd).avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\s2fkave w6csjja14n1 xxx vjq39c1gwy cock .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\gzn4ud7e xakmpl horse 7vepaqjm titts .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt xakmpl yzw1afy big gsva2xn .avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 nude horse epyxwn cock nrb42wq .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\sperm sgu4m7oc sgoibhh (gina,sarah).mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\f1i7cm wep6b08 gay [bangbus] (g6u8n4r).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\tsomq34 sgu4m7oc gsva2xn (sonja,c4w8hqa).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt 8ok6yf girls ash (haj1oyikd,c4w8hqa).mpeg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\sperm vjq39c1gwy hole boots (jade).mpeg.exe
  • %ALLUSERSPROFILE%\templates\fac71w2 porn gay girls hole .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\gay hot (!) feet hairy .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\black ddqayq mzwpstr8n epyxwn (cy4xpd).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec horse sperm [bangbus] cock .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\s2fkave h93bklf sperm bq4kno (y8oxsqa).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx sgu4m7oc .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\black bd1l5ir horse hot (!) ae2sd7u4xh (gina,liz).mpg.exe
  • %ALLUSERSPROFILE%\templates\mzwpstr8n girls nmibe2 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe ddqayq horse nom72kl (g6u8n4r).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec wep6b08 yzw1afy girls gsva2xn (jenna,2hbt8wr).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx porn lpcu5ai3 7vepaqjm hole rv0y8n (y8oxsqa).rar.exe
  • %ALLUSERSPROFILE%\templates\gzn4ud7e cum tsomq34 big (y8oxsqa).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\s2fkave wep6b08 tsomq34 uncut mg9fvb2xk9 .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\fac71w2 wep6b08 tsomq34 l9hwcs7vvnphd9 feet nrb42wq (jade).mpeg.exe
  • C:\users\default\appdata\local\temp\mnho9y54 uncut feet ae2sd7u4xh (jade).mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\gzn4ud7e ddqayq gay epyxwn cock sgoibhh .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\upfgetx wep6b08 gay epyxwn hole girly .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\beast [bangbus] wifey .mpeg.exe
  • C:\users\default\templates\upfgetx ddqayq sperm l9hwcs7vvnphd9 .rar.exe
  • %ALLUSERSPROFILE%\templates\z9z7rwe cum xxx ihthd33 qq6w54yfhtqrbwcslg .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 girls wifey .avi.exe
  • C:\users\default\appdata\local\temp\sperm [bangbus] sweet .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\z9z7rwe nude lpcu5ai3 [free] .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\lpcu5ai3 ihthd33 glans .mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\nom72kl uncut 40+ .zip.exe
  • C:\users\default\templates\tsomq34 uncut (cy4xpd).zip.exe
  • %TEMP%\8r3baiec h93bklf sperm [milf] 50+ .mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\upfgetx bd1l5ir yzw1afy nom72kl feet .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\eq7k2xcxt w6csjja14n1 nom72kl 7vepaqjm hole .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\gzn4ud7e h93bklf gay apv53deiq9fw ol6p1tua (36mho73,liz).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\lpcu5ai3 epyxwn hole .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\8r3baiec horse mnho9y54 hot (!) glans hairy (2hbt8wr).rar.exe
  • %TEMP%\black cum xxx 7vepaqjm titts js80j73 .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\jxaglwti horse hot (!) feet hairy (cy4xpd).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\fac71w2 horse tsomq34 bq4kno qq6w54yfhtqrbwcslg .mpeg.exe
  • %APPDATA%\microsoft\templates\upfgetx horse epyxwn feet .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\black ddqayq mnho9y54 l9hwcs7vvnphd9 ash .rar.exe
  • %APPDATA%\microsoft\windows\templates\mzwpstr8n bq4kno 40+ .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\xxx uncut .mpg.exe
  • %APPDATA%\microsoft\templates\ uncut (dxocjwba).rar.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\8r3baiec horse gay [free] 40+ .mpeg.exe
  • %HOMEPATH%\templates\f1i7cm w6csjja14n1 tsomq34 l9hwcs7vvnphd9 glans .zip.exe
  • %APPDATA%\microsoft\windows\templates\upfgetx porn mnho9y54 vjq39c1gwy cock wifey (jade).rar.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\tsomq34 vjq39c1gwy rv0y8n .zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\fac71w2 bd1l5ir sperm ihthd33 .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\xxx big (g6u8n4r).rar.exe
  • %HOMEPATH%\templates\beast [free] hole b37oavmx289 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\tsomq34 apv53deiq9fw hairy .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\8r3baiec 7nd83wovj nom72kl uncut hole .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe h93bklf nom72kl [bangbus] (sarah).mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\xxx epyxwn 40+ .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ big hole .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\xxx big (dxocjwba).mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8r3baiec xakmpl mnho9y54 l9hwcs7vvnphd9 latex .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\nom72kl sgu4m7oc cock (gina,jade).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\lpcu5ai3 sgu4m7oc gh5b6gd7wrv .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\mnho9y54 [bangbus] 40+ .avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\f07qtt cum beast vjq39c1gwy titts boots .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\xxx hot (!) feet 6tl9zg0uqa .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f07qtt nude sperm bq4kno feet 6tl9zg0uqa (sarah).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\tsomq34 vjq39c1gwy b37oavmx289 .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\s2fkave xakmpl gay ihthd33 girly (sandy,jade).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black ddqayq mzwpstr8n 7vepaqjm titts 779mipj .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\8r3baiec w6csjja14n1 horse big balls .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\nom72kl uncut gh5b6gd7wrv (jenna,dxocjwba).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\mzwpstr8n sgu4m7oc glans .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\ l9hwcs7vvnphd9 cock gh5b6gd7wrv .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\mzwpstr8n epyxwn ejn547rbxhd1 .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\s2fkave wep6b08 7vepaqjm (karin).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\lpcu5ai3 girls rv0y8n .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\s2fkave w6csjja14n1 sperm [bangbus] .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f07qtt wep6b08 gay nom72kl cock .mpeg.exe
  • %WINDIR%\assembly\temp\lpcu5ai3 [milf] (karin).rar.exe
  • %WINDIR%\assembly\tmp\z9z7rwe ddqayq beast epyxwn glans .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\eq7k2xcxt wep6b08 gay [bangbus] glans eigt45 .zip.exe
  • %WINDIR%\assembly\temp\gzn4ud7e w6csjja14n1 beast 7vepaqjm glans .zip.exe
  • %WINDIR%\assembly\tmp\mzwpstr8n bq4kno titts rv0y8n .mpg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\gzn4ud7e h93bklf gay ihthd33 boots .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\gzn4ud7e 7nd83wovj lpcu5ai3 girls young .zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\fac71w2 porn mzwpstr8n apv53deiq9fw titts lzxyhb7k (g6u8n4r).mpg.exe
  • %WINDIR%\pla\templates\eq7k2xcxt w6csjja14n1 yzw1afy girls glans sweet .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\yzw1afy [milf] (dxocjwba).mpg.exe
  • %WINDIR%\security\templates\z9z7rwe ddqayq xxx l9hwcs7vvnphd9 titts ae2sd7u4xh .zip.exe
  • %WINDIR%\pla\templates\horse l9hwcs7vvnphd9 ol6p1tua .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx nude tsomq34 [milf] (cy4xpd).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\eq7k2xcxt 7nd83wovj gay 7vepaqjm .avi.exe
  • %WINDIR%\security\templates\horse l9hwcs7vvnphd9 feet .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\black bd1l5ir lpcu5ai3 vjq39c1gwy .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\f1i7cm horse mnho9y54 bq4kno .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy bq4kno hole nrb42wq .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\lpcu5ai3 sgu4m7oc titts .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\nom72kl sgu4m7oc .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\eq7k2xcxt horse horse l9hwcs7vvnphd9 nmibe2 .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gay l9hwcs7vvnphd9 hole ol6p1tua (cy4xpd).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\lpcu5ai3 uncut .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\wpjwijv nom72kl sgu4m7oc hole 779mipj .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\lpcu5ai3 apv53deiq9fw feet 6tl9zg0uqa .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl apv53deiq9fw rv0y8n .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm 8ok6yf sperm epyxwn (karin).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\f1i7cm porn yzw1afy sgu4m7oc ejn547rbxhd1 .avi.exe
  • %WINDIR%\syswow64\ime\shared\beast sgu4m7oc glans (jenna,c4w8hqa).avi.exe
  • %WINDIR%\syswow64\fxstmp\z9z7rwe w6csjja14n1 sperm 7vepaqjm .rar.exe
  • %WINDIR%\syswow64\ime\shared\mzwpstr8n hot (!) feet js80j73 (y8oxsqa).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\yzw1afy l9hwcs7vvnphd9 glans (jenna,jade).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt 7nd83wovj xxx [milf] latex (rdl1tfkz,c4w8hqa).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\gay vjq39c1gwy glans .avi.exe
  • %WINDIR%\syswow64\fxstmp\gzn4ud7e cum mnho9y54 7vepaqjm .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ bq4kno 779mipj .mpg.exe
  • %WINDIR%\syswow64\ime\shared\eq7k2xcxt wep6b08 lpcu5ai3 apv53deiq9fw .zip.exe
  • %WINDIR%\syswow64\fxstmp\8r3baiec nude sperm vjq39c1gwy sm .mpg.exe
  • %WINDIR%\syswow64\ime\shared\f1i7cm porn mnho9y54 ihthd33 gsva2xn .zip.exe
  • %WINDIR%\temp\s2fkave w6csjja14n1 horse hot (!) .mpg.exe
  • %WINDIR%\temp\lpcu5ai3 bq4kno sm .avi.exe
  • %WINDIR%\winsxs\installtemp\z1qxwcd gay bq4kno glans ash .zip.exe
  • %WINDIR%\winsxs\installtemp\upfgetx 7nd83wovj beast [bangbus] nrb42wq .zip.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play