
Trojan.KillProc2.28448

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Network activity
TCP
Other
  • '34.##9.100.209':443
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
