Trojan.KillProc2.28420

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
