PER UTENTI

Chiudi

La mia libreria
La mia libreria

+ Aggiungi alla libreria

Ricerca
Ricerca

Supporto
Supporto 24/7 | Regole per contattare

Scrivi

Una richiesta attraverso il modulo

Chiama

+7 (495) 789-45-86

Forum

Richieste

Crea nuova richiesta

Chiama

+7 (495) 789-45-86

Profile

IT

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Chiudi
Servizi
Scanner
Dr.Web vxCube
Versione di prova
Perizia di incidenti informatici legati ai virus
Libreria dei virus
Base di conoscenza

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Notizie

Trojan.KillProc2.25271

Aggiunto al database dei virus Dr.Web: 2025-07-10

La descrizione è stata aggiunta:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\w6csjja14n1 h93bklf bq4kno (2hbt8wr,2hbt8wr).mpeg.exe
  • %ProgramFiles%\dvd maker\shared\8r3baiec mnho9y54 horse apv53deiq9fw titts (rdl1tfkz,2hbt8wr).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\h93bklf 7vepaqjm cock .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\gzn4ud7e tsomq34 gay 7vepaqjm lzxyhb7k .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\8r3baiec yzw1afy [milf] (haj1oyikd,36mho73).rar.exe
  • %ProgramFiles%\microsoft office\templates\f1i7cm porn bd1l5ir 7vepaqjm jxqgtp qx2j1b5 .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\cum beast ihthd33 hole boots .avi.exe
  • %ProgramFiles%\windows journal\templates\horse xakmpl vjq39c1gwy hole .zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\eq7k2xcxt tsomq34 [milf] cock (y8oxsqa).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\gay tsomq34 epyxwn .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\yzw1afy hot (!) boobs lzxyhb7k (c4w8hqa,dehod0).rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\asian porn girls .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\f07qtt mzwpstr8n lpcu5ai3 hot (!) (karin,sonja).zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\yzw1afy yzw1afy l9hwcs7vvnphd9 young (36mho73).mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\tsomq34 ihthd33 .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe yzw1afy [free] ae2sd7u4xh .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\xxx girls ol6p1tua (jade,sarah).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\viaz50 tsomq34 sgu4m7oc ol6p1tua .zip.exe
  • %ALLUSERSPROFILE%\templates\wpjwijv yzw1afy ihthd33 8pfmdyy (karin).rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\zc8giv9 xakmpl hot (!) mg9fvb2xk9 .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\w6csjja14n1 wep6b08 hot (!) 8pfmdyy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\7nd83wovj vjq39c1gwy .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\porn 7nd83wovj nom72kl .avi.exe
  • %ALLUSERSPROFILE%\templates\f07qtt sperm gay girls fishy .rar.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ [free] .mpeg.exe
  • C:\users\default\appdata\local\temp\upfgetx mzwpstr8n h93bklf sgu4m7oc rv0y8n .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\jxaglwti h93bklf mnho9y54 uncut cock lzxyhb7k .mpg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\4h1e2a346 yzw1afy 7nd83wovj 7vepaqjm .zip.exe
  • C:\users\default\templates\z1qxwcd mnho9y54 nom72kl (sonja).avi.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\7nd83wovj girls (c4w8hqa,gina).mpg.exe
  • %TEMP%\black horse ddqayq apv53deiq9fw .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\gzn4ud7e nude gay apv53deiq9fw gh5b6gd7wrv (rdl1tfkz).mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\0287zh 8ok6yf w6csjja14n1 big ejn547rbxhd1 .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\0287zh porn bq4kno (sarah,hyo87il).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\eq7k2xcxt gay bq4kno (g6u8n4r).zip.exe
  • %APPDATA%\microsoft\templates\f07qtt nom72kl cum epyxwn .mpeg.exe
  • %APPDATA%\microsoft\windows\templates\8r3baiec w6csjja14n1 7vepaqjm .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\gzn4ud7e 8ok6yf epyxwn (dehod0,dehod0).mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\black 7nd83wovj wep6b08 girls (y8oxsqa,sonja).rar.exe
  • %HOMEPATH%\templates\ikdyfwhy xakmpl cum uncut qq6w54yfhtqrbwcslg (cy4xpd,dxocjwba).rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\jxaglwti h93bklf l9hwcs7vvnphd9 ejn547rbxhd1 .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f07qtt horse xxx vjq39c1gwy kfp2yqq .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mnho9y54 sgu4m7oc jxqgtp .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\s2fkave mzwpstr8n bd1l5ir [milf] lzxyhb7k (gina).zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\gay nude nom72kl feet 8pfmdyy (rdl1tfkz).avi.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\asian horse xakmpl [bangbus] (36mho73,dxocjwba).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\upfgetx horse cum [free] (rdl1tfkz,hyo87il).mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\eq7k2xcxt xxx h93bklf vjq39c1gwy fishy .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zc8giv9 xxx 8ok6yf uncut ae2sd7u4xh (jade).mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z9z7rwe sperm ihthd33 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f1i7cm cum apv53deiq9fw zn3tvn .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\fac71w2 wep6b08 uncut .zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\h93bklf hot (!) jxqgtp .mpeg.exe
  • %WINDIR%\assembly\temp\xxx mzwpstr8n [milf] .mpeg.exe
  • %WINDIR%\assembly\tmp\eq7k2xcxt xakmpl w6csjja14n1 epyxwn .rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\yzw1afy sgu4m7oc jxqgtp 50+ (sonja).mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\jxaglwti mzwpstr8n 7vepaqjm 50+ .zip.exe
  • %WINDIR%\pla\templates\jxaglwti sperm hot (!) hotel .mpg.exe
  • %WINDIR%\security\templates\0287zh ddqayq hot (!) .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\jxaglwti mzwpstr8n beast hot (!) .avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\jxaglwti tsomq34 l9hwcs7vvnphd9 titts (2hbt8wr).mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z9z7rwe mnho9y54 vjq39c1gwy mg9fvb2xk9 .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\s2fkave nude 8ok6yf [bangbus] nmibe2 .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\zc8giv9 wep6b08 nom72kl (sandy).mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\z9z7rwe nom72kl bq4kno hole b37oavmx289 .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\zc8giv9 horse 8ok6yf epyxwn legs zmc8ujp .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\asian mzwpstr8n big (y8oxsqa,karin).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\f1i7cm xakmpl h93bklf girls hairy .rar.exe
  • %WINDIR%\syswow64\ime\shared\asian 8ok6yf uncut .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\viaz50 lpcu5ai3 h93bklf l9hwcs7vvnphd9 (sonja).zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 cum bq4kno .zip.exe
  • %WINDIR%\syswow64\fxstmp\jxaglwti sperm horse ihthd33 (jenna,y8oxsqa).zip.exe
  • %WINDIR%\syswow64\ime\shared\7b6fhxi cum bq4kno .rar.exe
  • %WINDIR%\temp\black mzwpstr8n horse girls shoes .mpg.exe
  • %WINDIR%\winsxs\installtemp\jxaglwti xakmpl uncut kfp2yqq eigt45 .zip.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\asian yzw1afy gay l9hwcs7vvnphd9 boobs 6tl9zg0uqa (liz,g6u8n4r).mpeg.exe
  • %CommonProgramFiles%\microsoft shared\nom72kl [free] feet hotel .avi.exe
  • %ProgramFiles%\dvd maker\shared\lpcu5ai3 tsomq34 sgu4m7oc sm (gina,c4w8hqa).rar.exe
  • %ProgramFiles%\dvd maker\shared\fac71w2 h93bklf lpcu5ai3 sgu4m7oc feet qx2j1b5 (karin).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\jxaglwti xxx big 6tl9zg0uqa (dehod0).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\s2fkave h93bklf horse [bangbus] .avi.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\gay nom72kl eigt45 (y8oxsqa,sonja).zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\f1i7cm h93bklf nom72kl hot (!) glans .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\mzwpstr8n wep6b08 [free] zmc8ujp .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\s2fkave 8ok6yf mzwpstr8n [bangbus] .avi.exe
  • %ProgramFiles%\microsoft office\templates\sperm hot (!) eigt45 .zip.exe
  • %ProgramFiles%\microsoft office\templates\8r3baiec h93bklf xxx girls feet .mpg.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\nom72kl [bangbus] feet sm .avi.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\porn l9hwcs7vvnphd9 boobs girly (dxocjwba).avi.exe
  • %ProgramFiles%\windows journal\templates\fac71w2 h93bklf xxx uncut .zip.exe
  • %ProgramFiles%\windows journal\templates\upfgetx nom72kl [bangbus] zmc8ujp .mpg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\beast bq4kno feet 40+ .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\black h93bklf gay [bangbus] qx2j1b5 .avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\mnho9y54 mnho9y54 [milf] .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\gzn4ud7e bd1l5ir ddqayq hot (!) titts .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\beast vjq39c1gwy cock ae2sd7u4xh (sarah).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\gay apv53deiq9fw titts .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\eq7k2xcxt gay horse vjq39c1gwy sm (liz).mpg.exe
  • %CommonProgramFiles(x86)%\microsoft shared\8r3baiec 7nd83wovj nom72kl .avi.exe
  • %CommonProgramFiles(x86)%\microsoft shared\mzwpstr8n uncut gh5b6gd7wrv .mpeg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\wpjwijv xxx lpcu5ai3 big kfp2yqq .mpg.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black bd1l5ir horse [milf] gsva2xn .mpg.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\eq7k2xcxt h93bklf mzwpstr8n nom72kl (liz).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\black horse mzwpstr8n sgu4m7oc cock rv0y8n .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt 8ok6yf tsomq34 [milf] fishy .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec nude xxx sgu4m7oc hole boots .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\beast big glans gsva2xn .rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\8r3baiec wep6b08 horse big .avi.exe
  • %ALLUSERSPROFILE%\templates\ vjq39c1gwy .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\sperm [bangbus] ash rv0y8n .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\upfgetx horse nom72kl uncut titts ol6p1tua (jade).avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx mzwpstr8n apv53deiq9fw cock lady .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\asian tsomq34 girls (liz).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8ok6yf yzw1afy girls glans 8pfmdyy .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\black nom72kl 7vepaqjm .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt 8ok6yf tsomq34 sgu4m7oc glans boots .mpeg.exe
  • %ALLUSERSPROFILE%\templates\wpjwijv nom72kl horse vjq39c1gwy hotel (cy4xpd).mpg.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm 7nd83wovj mzwpstr8n 7vepaqjm hole 779mipj (jade).mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\fac71w2 7nd83wovj beast nom72kl feet .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\z1qxwcd lpcu5ai3 uncut glans girly .zip.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e w6csjja14n1 hot (!) .avi.exe
  • C:\users\default\appdata\local\temp\mzwpstr8n big hairy .avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\asian yzw1afy sgu4m7oc boots .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\sperm 8ok6yf uncut .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\z9z7rwe nude xxx [free] hole boots (g6u8n4r).avi.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\s2fkave horse tsomq34 [bangbus] hole sgoibhh .mpg.exe
  • %ALLUSERSPROFILE%\templates\7b6fhxi w6csjja14n1 7vepaqjm qx2j1b5 .zip.exe
  • C:\users\default\templates\gzn4ud7e wep6b08 beast uncut .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\w6csjja14n1 nom72kl gsva2xn .mpg.exe
  • C:\users\default\appdata\local\temp\jxaglwti wep6b08 [bangbus] jxqgtp .mpg.exe
  • C:\users\default\appdata\local\<INETFILES>\gay w6csjja14n1 nom72kl legs qx2j1b5 (36mho73,gina).zip.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\nom72kl apv53deiq9fw feet girly .avi.exe
  • C:\users\default\templates\ikdyfwhy mzwpstr8n beast [free] .mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\lpcu5ai3 [milf] latex .mpg.exe
  • %TEMP%\beast [free] 6tl9zg0uqa .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\upfgetx wep6b08 gay epyxwn hole .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\tsomq34 nom72kl cock rv0y8n (y8oxsqa).rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\z9z7rwe h93bklf l9hwcs7vvnphd9 titts .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\mzwpstr8n uncut ash .mpeg.exe
  • %TEMP%\gzn4ud7e nom72kl bq4kno feet 40+ .rar.exe
  • %LOCALAPPDATA%\<INETFILES>\z1qxwcd l9hwcs7vvnphd9 sweet .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\fac71w2 bd1l5ir 7vepaqjm ejn547rbxhd1 .zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\wep6b08 epyxwn boobs (c4w8hqa).zip.exe
  • %APPDATA%\microsoft\templates\yzw1afy big wifey .avi.exe
  • %APPDATA%\microsoft\windows\templates\z9z7rwe cum gay uncut .zip.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\tsomq34 uncut glans .mpg.exe
  • %APPDATA%\microsoft\templates\s2fkave beast h93bklf [milf] kfp2yqq ae2sd7u4xh .rar.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\horse 7vepaqjm hole .avi.exe
  • %HOMEPATH%\templates\upfgetx xakmpl horse vjq39c1gwy .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\viaz50 7nd83wovj horse 7vepaqjm boobs ae2sd7u4xh (liz,jade).mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\8r3baiec 7nd83wovj sperm hot (!) cock js80j73 (dxocjwba).avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\nom72kl sgu4m7oc 8pfmdyy .mpeg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f07qtt nude yzw1afy girls (gina,2hbt8wr).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\lpcu5ai3 [milf] qq6w54yfhtqrbwcslg .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\f07qtt w6csjja14n1 horse sgu4m7oc (karin).avi.exe
  • %HOMEPATH%\templates\sperm cum hot (!) mg9fvb2xk9 .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f07qtt w6csjja14n1 mzwpstr8n epyxwn ash .avi.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\yzw1afy big legs sm .mpeg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\mzwpstr8n nom72kl l9hwcs7vvnphd9 .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\ddqayq vjq39c1gwy lzxyhb7k (sonja,g6u8n4r).avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\f1i7cm porn 7vepaqjm .mpeg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\fac71w2 wep6b08 7vepaqjm feet .avi.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\beast tsomq34 ihthd33 .zip.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\ikdyfwhy wep6b08 bd1l5ir ihthd33 titts .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\z9z7rwe horse xxx ihthd33 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f1i7cm h93bklf xxx [bangbus] eigt45 .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\s2fkave ddqayq tsomq34 ihthd33 titts fishy (karin).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\eq7k2xcxt 8ok6yf mzwpstr8n hot (!) zn3tvn .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\s2fkave wep6b08 horse uncut hole .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\nom72kl girls .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\mnho9y54 epyxwn hole .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\upfgetx vjq39c1gwy feet hairy .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\eq7k2xcxt 8ok6yf tsomq34 sgu4m7oc hole qq6w54yfhtqrbwcslg (g6u8n4r).rar.exe
  • %WINDIR%\assembly\temp\fac71w2 horse mzwpstr8n girls titts .avi.exe
  • %WINDIR%\assembly\tmp\lpcu5ai3 girls .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\gzn4ud7e nude ihthd33 legs fw58kpr41ob1w .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\beast horse l9hwcs7vvnphd9 jxqgtp zmc8ujp .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\eq7k2xcxt h93bklf [milf] .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\horse wep6b08 bq4kno (karin).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\sperm porn [free] (dxocjwba,dxocjwba).avi.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\z9z7rwe w6csjja14n1 horse l9hwcs7vvnphd9 (cy4xpd).mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\f1i7cm cum nom72kl vjq39c1gwy titts qx2j1b5 (sarah).zip.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f1i7cm mnho9y54 beast [free] qq6w54yfhtqrbwcslg (y8oxsqa,sandy).mpg.exe
  • %WINDIR%\pla\templates\black 8ok6yf tsomq34 sgu4m7oc ash .mpeg.exe
  • %WINDIR%\security\templates\gzn4ud7e bd1l5ir sperm big gsva2xn (haj1oyikd,cy4xpd).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\nom72kl big zn3tvn (haj1oyikd,2hbt8wr).rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\black nude horse [free] gh5b6gd7wrv .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\mzwpstr8n uncut hole latex .mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\h93bklf nom72kl sgu4m7oc 6tl9zg0uqa .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\8r3baiec ddqayq tsomq34 nom72kl boots .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black nude beast l9hwcs7vvnphd9 cock hotel .mpg.exe
  • %WINDIR%\assembly\temp\black ddqayq l9hwcs7vvnphd9 .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\beast sgu4m7oc feet 40+ (jade).mpg.exe
  • %WINDIR%\assembly\tmp\horse ddqayq uncut gh5b6gd7wrv (haj1oyikd).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt bd1l5ir mzwpstr8n sgu4m7oc cock ol6p1tua .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 [free] zn3tvn .mpeg.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\viaz50 8ok6yf uncut cock ae2sd7u4xh .mpg.exe
  • %WINDIR%\syswow64\fxstmp\w6csjja14n1 nom72kl ihthd33 balls .rar.exe
  • %WINDIR%\syswow64\ime\shared\black nude gay bq4kno .mpeg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\xakmpl bd1l5ir [milf] boobs 40+ .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\beast sgu4m7oc (2hbt8wr).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\yzw1afy apv53deiq9fw (dxocjwba).zip.exe
  • %WINDIR%\syswow64\fxstmp\upfgetx nude horse epyxwn 50+ .mpeg.exe
  • %WINDIR%\syswow64\ime\shared\upfgetx ddqayq sperm [free] .rar.exe
  • %WINDIR%\pla\templates\0287zh l9hwcs7vvnphd9 (haj1oyikd,rdl1tfkz).rar.exe
  • %WINDIR%\security\templates\zc8giv9 ddqayq vjq39c1gwy nrb42wq .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\h93bklf sgu4m7oc boots .rar.exe
  • %WINDIR%\temp\f1i7cm porn yzw1afy vjq39c1gwy cock young (g6u8n4r).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\sperm wep6b08 ihthd33 boobs .zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\jxaglwti xxx ihthd33 ash .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\8ok6yf hot (!) glans ol6p1tua .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black lpcu5ai3 hot (!) lzxyhb7k .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\eq7k2xcxt sperm mnho9y54 ihthd33 girly .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\0287zh sperm l9hwcs7vvnphd9 ash .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nude epyxwn hairy .rar.exe
  • %WINDIR%\syswow64\fxstmp\4h1e2a346 tsomq34 uncut zn3tvn .rar.exe
  • %WINDIR%\syswow64\ime\shared\nude ddqayq l9hwcs7vvnphd9 kfp2yqq qq6w54yfhtqrbwcslg .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\cum bq4kno ash .mpg.exe
  • %WINDIR%\syswow64\fxstmp\0287zh wep6b08 7vepaqjm mg9fvb2xk9 .rar.exe
  • %WINDIR%\syswow64\ime\shared\bd1l5ir lpcu5ai3 [bangbus] balls .mpg.exe
  • %WINDIR%\temp\wpjwijv ddqayq vjq39c1gwy 40+ .rar.exe
  • %WINDIR%\winsxs\installtemp\ [bangbus] fishy .mpeg.exe
  • %WINDIR%\winsxs\installtemp\horse epyxwn shoes .avi.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play