FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Trojan.KillProc2.24638

Added to the Dr.Web virus database: 2025-06-17

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%prea12ybq3
  • %WINDIR%\syswow64\config\systemprofile\k1tlhzdf 6hg4sl cock boots (4us7a95g).mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\peud38v yton2v vg2zgnq w5t8cu4 .avi.exe
  • %WINDIR%\syswow64\fxstmp\peud38v vyfkljc16kq xxx girls 3fzhiwoxgra .mpg.exe
  • %WINDIR%\syswow64\ime\shared\thw5cms3 vyfkljc16kq k1tlhzdf qfb04d7ux8iegf wifey .mpeg.exe
  • %WINDIR%\temp\vg2zgnq cew2xnf4xc 7k78h5f .mpeg.exe
  • %WINDIR%\winsxs\installtemp\p2yoszc xxx w5t8cu4 1n4kl7830jqa .zip.exe
  • %CommonProgramFiles%\microsoft shared\peud38v 2yuliau vg2zgnq uncut hole 1wyga12mzc .avi.exe
  • %ProgramFiles%\dvd maker\shared\dxzg91nv3 nude gay big feet agl9tsu (8e6fxld).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\gay 6hg4sl hole .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\black yton2v k1tlhzdf uncut glans .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\dk4amn0 vegpvr gay 6hg4sl hole young .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\gay cew2xnf4xc hole yipsl1etyvv (8e6fxld).rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\thw5cms3 porn vg2zgnq 3z6oda hole h41hy4cklkoue .mpg.exe
  • %ProgramFiles%\windows journal\templates\k1tlhzdf [free] cock .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\dk4amn0 vyfkljc16kq beast big cock lady (karin).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\black vyfkljc16kq 5i8wmj9 a1swtsdhkhbf .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\z7qips porn gay w5t8cu4 fatfulz (sandy,8e6fxld).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\0nmwz7s porn vg2zgnq 3ikjnm4y oltmowd .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\z7qips cum vg2zgnq girls sweet .mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\yhfjge yton2v yo6djypsz 3ikjnm4y vkwhqow .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\black horse vg2zgnq girls cock .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\peud38v etorvhr vg2zgnq snidyfph fatfulz .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\dk4amn0 5p4dftc xxx hot (!) feet ash (jade).zip.exe
  • %ProgramFiles%\microsoft office\templates\ktrosnb etorvhr w5t8cu4 a1swtsdhkhbf fcksd0samk .mpeg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\thw5cms3 2yuliau [free] glans (etc82zq,rhpa1v).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\yhfjge 2yuliau vg2zgnq big hole (sandy,karin).zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\0nmwz7s abj24u sperm 3z6oda hole .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\0nmwz7s porn w5t8cu4 [free] cock 40+ (sarah).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\dxzg91nv3 cum vg2zgnq cew2xnf4xc hole fcksd0samk .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\black nude gay snidyfph .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\peud38v abj24u beast [milf] 3fzhiwoxgra (jenna,liz).zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\yhfjge porn mvakgcwi [bangbus] glans wifey .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\peud38v yton2v yo6djypsz [milf] hole .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\tf1tq013 vyfkljc16kq beast girls .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\horse uncut cock 3fzhiwoxgra .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\sperm 3z6oda .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\w5t8cu4 [bangbus] hole rg7tdu4 (rhpa1v).rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\vg2zgnq big z9ay2h .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\dxzg91nv3 nude uncut feet wkdgiqz .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\yhfjge nude yo6djypsz girls hole .avi.exe
  • %WINDIR%\assembly\temp\yhfjge abj24u girls .rar.exe
  • %WINDIR%\assembly\tmp\dxzg91nv3 horse mvakgcwi uncut hairy .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\ktrosnb 2yuliau 5i8wmj9 [bangbus] hole 7k78h5f (rhpa1v).zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\z7qips abj24u mvakgcwi big (karin).avi.exe
  • %WINDIR%\pla\templates\dk4amn0 obd4vccp8 k1tlhzdf [bangbus] titts agl9tsu .zip.exe
  • %WINDIR%\security\templates\peud38v obd4vccp8 horse big rg7tdu4 .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\tf1tq013 porn qfb04d7ux8iegf shoes .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\sperm cew2xnf4xc titts fatfulz .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z7qips horse mvakgcwi [free] vvano0phq (f56rj0,8e6fxld).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\yhfjge etorvhr xxx 3ikjnm4y .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\z7qips yton2v beast girls hole .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\dxzg91nv3 etorvhr w5t8cu4 3ikjnm4y cock q4njwcdgux5bzomjnr (2b0ay6o).mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\thw5cms3 2yuliau horse qfb04d7ux8iegf h41hy4cklkoue .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\0nmwz7s horse k1tlhzdf cew2xnf4xc z9ay2h (sandy,8e6fxld).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\tf1tq013 horse xxx [free] (0wlc1ae).rar.exe
  • %ALLUSERSPROFILE%\templates\yhfjge 5p4dftc snidyfph vnm7bo .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\w5t8cu4 f9kdqlk cock lady .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\xxx qfb04d7ux8iegf (opgr3as).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\0nmwz7s obd4vccp8 w5t8cu4 qfb04d7ux8iegf .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\mvakgcwi w5t8cu4 lady .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\xxx a1swtsdhkhbf .zip.exe
  • %WINDIR%\assembly\temp\ktrosnb cum yo6djypsz [milf] glans .zip.exe
  • %WINDIR%\assembly\tmp\z7qips vyfkljc16kq sperm girls .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\ktrosnb 2yuliau vg2zgnq 6hg4sl dvmdzwh8lo .avi.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\gay uncut titts shoes .mpeg.exe
  • %WINDIR%\pla\templates\tf1tq013 vyfkljc16kq vg2zgnq 3z6oda hairy .rar.exe
  • %WINDIR%\security\templates\gay f9kdqlk .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\tf1tq013 vegpvr mvakgcwi hot (!) hole sm (0wlc1ae).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\black etorvhr xxx girls .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\beast a1swtsdhkhbf 1n4kl7830jqa .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\0nmwz7s cum k1tlhzdf 3z6oda girly .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\dk4amn0 cum vg2zgnq big vkwhqow .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\ [milf] titts sweet (opgr3as).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\0nmwz7s 5p4dftc sperm girls hole ash (karin).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\yhfjge yton2v beast 3ikjnm4y .avi.exe
  • %WINDIR%\syswow64\fxstmp\porn horse cew2xnf4xc .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\thw5cms3 2yuliau 5i8wmj9 w5t8cu4 shoes .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\k1tlhzdf uncut titts 8j1qjf .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mvakgcwi 6hg4sl .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\peud38v nude w5t8cu4 uncut sweet .mpg.exe
  • %WINDIR%\syswow64\ime\shared\w5t8cu4 snidyfph feet .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\z7qips vyfkljc16kq 5i8wmj9 qfb04d7ux8iegf .rar.exe
  • %HOMEPATH%\templates\ktrosnb nude xxx cew2xnf4xc feet upfukdp8 .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\z7qips 5p4dftc [free] (jade).rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\ktrosnb cum gay hot (!) fishy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z7qips obd4vccp8 mvakgcwi hot (!) wifey (sonja,liz).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\tf1tq013 porn mvakgcwi 3ikjnm4y shoes (gina,8e6fxld).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\z7qips vegpvr beast snidyfph shoes .avi.exe
  • %ALLUSERSPROFILE%\templates\dxzg91nv3 obd4vccp8 gay a1swtsdhkhbf 8j1qjf .zip.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\black cum w5t8cu4 8j1qjf (gyta81s3l,rhpa1v).zip.exe
  • C:\users\default\appdata\local\temp\dxzg91nv3 abj24u f9kdqlk glans .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\thw5cms3 etorvhr xxx [bangbus] 1n4kl7830jqa .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\w5t8cu4 hot (!) cock wifey (liz).zip.exe
  • C:\users\default\templates\5i8wmj9 uncut vvano0phq .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\xxx [free] (4us7a95g).rar.exe
  • %TEMP%\sperm 3z6oda glans .rar.exe
  • %LOCALAPPDATA%\<INETFILES>\sperm snidyfph .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\yhfjge horse vg2zgnq [free] oltmowd .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\ 3ikjnm4y (2b0ay6o).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\thw5cms3 5p4dftc k1tlhzdf 6hg4sl (sarah).avi.exe
  • %APPDATA%\microsoft\templates\thw5cms3 obd4vccp8 beast uncut dvmdzwh8lo .rar.exe
  • %APPDATA%\microsoft\windows\templates\black nude beast 3ikjnm4y glans 8j1qjf .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\0nmwz7s vyfkljc16kq vg2zgnq snidyfph (jade).zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\vg2zgnq [milf] shoes (yeadrcq,liz).mpeg.exe
  • %HOMEPATH%\templates\0nmwz7s vegpvr yo6djypsz girls hole agl9tsu (0wlc1ae).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\5i8wmj9 f9kdqlk .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\yhfjge 2yuliau beast [free] .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\k1tlhzdf 3z6oda glans balls (sarah).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\sperm girls (2b0ay6o).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\dxzg91nv3 2yuliau xxx cew2xnf4xc hole .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\w5t8cu4 uncut feet h41hy4cklkoue .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\thw5cms3 cum big (rhpa1v).zip.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\z7qips obd4vccp8 beast [free] titts 0vzq1yfv (sarah).avi.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\z7qips porn sperm cew2xnf4xc .avi.exe
  • %APPDATA%\microsoft\windows\templates\0nmwz7s vegpvr k1tlhzdf 3z6oda rg7tdu4 .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\thw5cms3 xxx qfb04d7ux8iegf legs 8j1qjf (ct00vwxo).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\nude horse [free] boobs n3mhrd7 (f56rj0).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\peud38v sperm beast f9kdqlk (jenna).mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\sperm snidyfph .zip.exe
  • %APPDATA%\microsoft\templates\9saw1az3 nude nude 6hg4sl (0wlc1ae).zip.exe
  • %APPDATA%\microsoft\windows\templates\ abj24u w5t8cu4 glans (jade).mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\ktrosnb 2yuliau big vnm7bo (etc82zq).avi.exe
  • %APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\5p4dftc yton2v hot (!) young (4us7a95g,0wlc1ae).avi.exe
  • %HOMEPATH%\templates\porn yo6djypsz snidyfph .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\4m7060 gay girls .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\p2yoszc xxx w5t8cu4 [milf] .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\dk4amn0 k1tlhzdf girls titts oltmowd .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\xf0m998 gay big .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\9saw1az3 abj24u [free] boobs hotel (ct00vwxo).mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\xf0m998 beast vyfkljc16kq [milf] titts vvano0phq (8e6fxld).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\tl1xg0d w5t8cu4 k1tlhzdf girls 40+ (sonja).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\9saw1az3 5i8wmj9 [bangbus] boots .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\asian vyfkljc16kq horse [milf] vvano0phq .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\nude 3z6oda 50+ .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\xxx k1tlhzdf [free] rg7tdu4 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\black vg2zgnq qfb04d7ux8iegf glans vvano0phq .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\qppc8g obd4vccp8 3z6oda girly .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\9saw1az3 xxx cew2xnf4xc cock 8j1qjf (gyta81s3l).mpeg.exe
  • C:\users\default\templates\p2yoszc mvakgcwi girls .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\porn k1tlhzdf girls (4us7a95g).zip.exe
  • %TEMP%\yhfjge obd4vccp8 5p4dftc qfb04d7ux8iegf dvmdzwh8lo (2b0ay6o,jade).zip.exe
  • %WINDIR%\temp\ktrosnb 2yuliau 5i8wmj9 [milf] wkdgiqz .rar.exe
  • %WINDIR%\assembly\temp\sperm yo6djypsz cew2xnf4xc feet sm .mpeg.exe
  • C:\users\default\appdata\local\temp\cy0hhk4jm vg2zgnq a1swtsdhkhbf e05pe26 dvmdzwh8lo (ct00vwxo).mpg.exe
  • %ProgramFiles%\dvd maker\shared\thw5cms3 horse yo6djypsz girls .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\gay beast girls feet hotel .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\p2yoszc w5t8cu4 3z6oda (jade,karin).avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\etorvhr sperm big legs latex .mpg.exe
  • %ProgramFiles%\microsoft office\templates\yhfjge vyfkljc16kq hot (!) balls .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\xf0m998 2yuliau [free] fishy .mpg.exe
  • %ProgramFiles%\windows journal\templates\cum xxx f9kdqlk boobs hotel .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\thw5cms3 porn vegpvr qfb04d7ux8iegf ash .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\4m7060 gay big .mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\qjsuuj51 sperm hot (!) (etc82zq).zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\asian vg2zgnq vegpvr 6hg4sl (sarah).avi.exe
  • %CommonProgramFiles%\microsoft shared\cvj3ofi vegpvr beast qfb04d7ux8iegf e05pe26 wxpokr .rar.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\nude qfb04d7ux8iegf hotel .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\black xxx 3z6oda .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\9saw1az3 cum w5t8cu4 vvano0phq .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\qppc8g qfb04d7ux8iegf lady (karin).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\dxzg91nv3 5i8wmj9 [bangbus] n3mhrd7 (4us7a95g,f56rj0).mpeg.exe
  • %ALLUSERSPROFILE%\templates\cy0hhk4jm obd4vccp8 uncut latex .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\yhfjge vegpvr f9kdqlk lady .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\cum qfb04d7ux8iegf (gina).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\ f9kdqlk balls (etc82zq).rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\qjsuuj51 k1tlhzdf horse [milf] .avi.exe
  • %ALLUSERSPROFILE%\templates\k1tlhzdf gay qfb04d7ux8iegf cock .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\2yuliau [milf] 1wyga12mzc .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\tl1xg0d gay xxx 6hg4sl sm (ct00vwxo,gyta81s3l).rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\obd4vccp8 w5t8cu4 girls hairy (sarah).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\thw5cms3 horse sperm a1swtsdhkhbf hotel .avi.exe
  • %WINDIR%\assembly\tmp\gay 5i8wmj9 3z6oda .mpeg.exe
  • %WINDIR%\pla\templates\qjsuuj51 porn vg2zgnq 3z6oda q4njwcdgux5bzomjnr .mpeg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\tf1tq013 5p4dftc sperm [free] vnm7bo .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z7qips vegpvr qfb04d7ux8iegf cock .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\dk4amn0 abj24u gay [bangbus] (8e6fxld).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\horse [free] .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\horse [bangbus] titts latex .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\vg2zgnq 3z6oda 1wyga12mzc .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\xxx hot (!) titts .rar.exe
  • %ALLUSERSPROFILE%\templates\z7qips 2yuliau big cock .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\ktrosnb 2yuliau w5t8cu4 [bangbus] hole .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\peud38v horse gay [bangbus] vkwhqow (yeadrcq,opgr3as).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\cvj3ofi gay big .zip.exe
  • %ALLUSERSPROFILE%\templates\yo6djypsz 3ikjnm4y dvmdzwh8lo .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\5i8wmj9 cew2xnf4xc titts 50+ .avi.exe
  • C:\users\default\appdata\local\temp\z7qips nude cew2xnf4xc (jade).rar.exe
  • C:\users\default\appdata\local\<INETFILES>\dxzg91nv3 vyfkljc16kq mvakgcwi f9kdqlk hairy .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\k1tlhzdf 3ikjnm4y boots .rar.exe
  • C:\users\default\templates\yo6djypsz uncut glans h41hy4cklkoue .zip.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\beast 3z6oda 1n4kl7830jqa .rar.exe
  • %TEMP%\z7qips yton2v gay f9kdqlk titts .zip.exe
  • %LOCALAPPDATA%\<INETFILES>\dxzg91nv3 horse horse f9kdqlk hole .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\k1tlhzdf [milf] cock 1n4kl7830jqa .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\tf1tq013 vyfkljc16kq mvakgcwi 6hg4sl titts .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\0nmwz7s vyfkljc16kq 5i8wmj9 snidyfph 0vzq1yfv .zip.exe
  • %APPDATA%\microsoft\templates\0nmwz7s porn mvakgcwi uncut vnm7bo (etc82zq,2b0ay6o).mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\horse girls n3mhrd7 .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\black porn vg2zgnq girls hole 7k78h5f (opgr3as).zip.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black yton2v snidyfph 1n4kl7830jqa .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\beast big (rhpa1v).mpeg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\peud38v 5p4dftc w5t8cu4 40+ .zip.exe
  • %WINDIR%\security\templates\asian xxx uncut .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\asian etorvhr vyfkljc16kq uncut z9ay2h .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\vyfkljc16kq [bangbus] ash sm (yeadrcq,gyta81s3l).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\cy0hhk4jm abj24u uncut sm .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\k1tlhzdf 6hg4sl .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\vyfkljc16kq snidyfph 50+ .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\peud38v 5p4dftc etorvhr f9kdqlk boobs .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\porn uncut fcksd0samk .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\abj24u w5t8cu4 hole (gina).avi.exe
  • %WINDIR%\syswow64\fxstmp\ktrosnb sperm nude w5t8cu4 legs lady .mpg.exe
  • %WINDIR%\syswow64\ime\shared\p2yoszc horse beast hot (!) e05pe26 fishy .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\xf0m998 obd4vccp8 beast uncut glans .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\dk4amn0 sperm horse cew2xnf4xc oltmowd .zip.exe
  • %WINDIR%\syswow64\fxstmp\xf0m998 nude uncut 8j1qjf .avi.exe
  • %WINDIR%\syswow64\ime\shared\cum 5i8wmj9 uncut vvano0phq .rar.exe
  • %WINDIR%\temp\black yo6djypsz abj24u [milf] e05pe26 upfukdp8 .mpeg.exe
  • %WINDIR%\winsxs\installtemp\yhfjge beast vyfkljc16kq qfb04d7ux8iegf fishy .zip.exe
  • %CommonProgramFiles%\microsoft shared\tf1tq013 etorvhr beast cew2xnf4xc .avi.exe
  • %ProgramFiles%\dvd maker\shared\ktrosnb abj24u k1tlhzdf 3z6oda cock rg7tdu4 (rhpa1v).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\5i8wmj9 w5t8cu4 .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\dxzg91nv3 2yuliau beast cew2xnf4xc titts .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ a1swtsdhkhbf cock 1wyga12mzc .avi.exe
  • %ProgramFiles%\microsoft office\templates\gay hot (!) titts lady .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\horse snidyfph .avi.exe
  • %ProgramFiles%\windows journal\templates\z7qips 2yuliau yo6djypsz girls cock .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\thw5cms3 nude mvakgcwi [bangbus] ash .avi.exe
  • %WINDIR%\winsxs\installtemp\dxzg91nv3 etorvhr gay uncut cock 40+ (jade).zip.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play