
Trojan.KillProc2.28903

Added to the Dr.Web virus database: 2025-07-16

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.