FÜR NUTZER

Schließen

Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Suche
Suche

Support
Support 24/7 | Regeln zur Anfragenübermittlung

Schreiben Sie uns

Online-Formular

Telefon

+49 (0) 170 488 40 28

Forum

Ihre Anfragen

Neue Anfrage

Rufen Sie uns an

+7 (495) 789-45-86

Profil

DE

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Schließen
Services
Scanner
Dr.Web vxCube
Testversion
Analyse von virenabhängigen Vorfällen
Virenbibliothek
Wissensdatenbank

Technologies

Begriffe

Schulung und Training

Mythen

News

Trojan.KillProc2.25460

Added to the Dr.Web virus database: 2025-07-10

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
  • %WINDIR%y1s2fctrp3
  • %CommonProgramFiles%\microsoft shared\nom72kl apv53deiq9fw fishy (haj1oyikd,c4w8hqa).rar.exe
  • %ProgramFiles%\dvd maker\shared\ikdyfwhy xxx vjq39c1gwy .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\ikdyfwhy h93bklf uncut 8pfmdyy .rar.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\viaz50 xakmpl 8ok6yf big hole lzxyhb7k .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\nom72kl sgu4m7oc nrb42wq .zip.exe
  • %ProgramFiles%\microsoft office\templates\f07qtt lpcu5ai3 yzw1afy ihthd33 hole .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\gay uncut boobs 40+ .avi.exe
  • %ProgramFiles%\windows journal\templates\7nd83wovj [milf] qx2j1b5 (gina,haj1oyikd).mpeg.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\lpcu5ai3 bd1l5ir apv53deiq9fw ash js80j73 (c4w8hqa).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\viaz50 [bangbus] boobs gh5b6gd7wrv (dehod0).mpeg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\upfgetx mnho9y54 gay l9hwcs7vvnphd9 (sonja).avi.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\7nd83wovj horse apv53deiq9fw .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\tsomq34 bq4kno cock (jenna).zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\wpjwijv porn nom72kl fishy (sandy,hyo87il).rar.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\ddqayq l9hwcs7vvnphd9 glans (rdl1tfkz,y8oxsqa).mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\s2fkave porn l9hwcs7vvnphd9 girly .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\black sperm epyxwn (hyo87il).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\nude yzw1afy vjq39c1gwy .zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\7b6fhxi lpcu5ai3 7vepaqjm shoes (haj1oyikd).rar.exe
  • %ALLUSERSPROFILE%\templates\eq7k2xcxt mnho9y54 horse ihthd33 .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\horse apv53deiq9fw .avi.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\beast nude ihthd33 feet sm .rar.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\w6csjja14n1 w6csjja14n1 uncut sweet (gina,hyo87il).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx xxx apv53deiq9fw cock .mpg.exe
  • %ALLUSERSPROFILE%\templates\black horse sgu4m7oc lzxyhb7k .avi.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\viaz50 ddqayq xakmpl hot (!) titts .mpeg.exe
  • C:\users\default\appdata\local\temp\z9z7rwe lpcu5ai3 epyxwn 779mipj .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\w6csjja14n1 hot (!) .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\0287zh yzw1afy horse nom72kl fishy .mpg.exe
  • C:\users\default\templates\horse 8ok6yf sgu4m7oc .rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\f07qtt nom72kl vjq39c1gwy (hyo87il).mpeg.exe
  • %TEMP%\jxaglwti mzwpstr8n w6csjja14n1 bq4kno sweet .mpeg.exe
  • %LOCALAPPDATA%\<INETFILES>\z9z7rwe h93bklf mzwpstr8n [free] fishy .avi.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\4h1e2a346 beast ddqayq sgu4m7oc .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\s2fkave cum horse hot (!) latex .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\4h1e2a346 mzwpstr8n [milf] 8bgkvshe1 .mpg.exe
  • %APPDATA%\microsoft\templates\jxaglwti beast l9hwcs7vvnphd9 shoes .mpg.exe
  • %APPDATA%\microsoft\windows\templates\tsomq34 big eigt45 .mpeg.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\8ok6yf horse big sgoibhh .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\gzn4ud7e ddqayq big legs .zip.exe
  • %HOMEPATH%\templates\horse hot (!) 40+ .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\s2fkave wep6b08 h93bklf girls glans ejn547rbxhd1 .zip.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 gay horse epyxwn .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\fac71w2 porn cum ihthd33 ash .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ bq4kno nmibe2 .zip.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\viaz50 horse nom72kl 6tl9zg0uqa .mpg.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\black horse apv53deiq9fw zn3tvn .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\ddqayq apv53deiq9fw legs sweet .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\viaz50 sperm nom72kl ihthd33 gh5b6gd7wrv .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black ddqayq beast hot (!) glans .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z9z7rwe lpcu5ai3 yzw1afy vjq39c1gwy zmc8ujp .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\viaz50 porn 7nd83wovj vjq39c1gwy feet boots .avi.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\w6csjja14n1 7nd83wovj uncut glans (sarah).mpg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\8r3baiec mzwpstr8n 8ok6yf uncut b37oavmx289 .rar.exe
  • %WINDIR%\assembly\temp\jxaglwti nude apv53deiq9fw (jade).mpg.exe
  • %WINDIR%\assembly\tmp\s2fkave beast xxx ihthd33 glans 6tl9zg0uqa .zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\ddqayq tsomq34 sgu4m7oc .mpeg.exe
  • %WINDIR%\pla\templates\z9z7rwe sperm h93bklf apv53deiq9fw cock ejn547rbxhd1 .mpg.exe
  • %WINDIR%\security\templates\jxaglwti cum vjq39c1gwy legs (haj1oyikd).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\horse wep6b08 hot (!) ash .rar.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\bd1l5ir ddqayq nom72kl feet shoes (karin,sandy).zip.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\4h1e2a346 h93bklf 7vepaqjm jxqgtp latex (sonja,haj1oyikd).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy ddqayq [bangbus] .rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\wpjwijv h93bklf xxx girls sm .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\lpcu5ai3 [bangbus] .rar.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe 7nd83wovj w6csjja14n1 [bangbus] .mpg.exe
  • %WINDIR%\syswow64\fxstmp\h93bklf epyxwn (sarah).rar.exe
  • %WINDIR%\syswow64\ime\shared\wep6b08 l9hwcs7vvnphd9 boots .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\nude uncut rv0y8n .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\horse [milf] fw58kpr41ob1w .avi.exe
  • %WINDIR%\syswow64\fxstmp\8r3baiec lpcu5ai3 l9hwcs7vvnphd9 young .zip.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e cum xakmpl [bangbus] sm .mpeg.exe
  • %WINDIR%\temp\viaz50 nom72kl w6csjja14n1 [free] ash (liz,karin).rar.exe
  • %WINDIR%\winsxs\installtemp\gzn4ud7e h93bklf bq4kno titts sgoibhh .avi.exe
  • <Current directory>\sqjaed7r1vnw
  • %CommonProgramFiles%\microsoft shared\f07qtt porn sperm 7vepaqjm 8bgkvshe1 .rar.exe
  • %CommonProgramFiles%\microsoft shared\viaz50 gay xakmpl bq4kno boobs gsva2xn (jade).mpeg.exe
  • %ProgramFiles%\dvd maker\shared\sperm [free] titts .mpg.exe
  • %ProgramFiles%\dvd maker\shared\black nom72kl sperm epyxwn cock girly .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\lpcu5ai3 ihthd33 (y8oxsqa).mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\nom72kl [milf] girly .zip.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\upfgetx xakmpl mzwpstr8n l9hwcs7vvnphd9 b37oavmx289 .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\gay girls js80j73 .mpg.exe
  • %ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\8ok6yf yzw1afy nom72kl .mpeg.exe
  • %ProgramFiles%\microsoft office\office14\groove\xml files\space templates\viaz50 h93bklf nom72kl rv0y8n .avi.exe
  • %ProgramFiles%\microsoft office\templates\w6csjja14n1 gay epyxwn lzxyhb7k .rar.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\gay 7nd83wovj [free] nmibe2 (karin,y8oxsqa).rar.exe
  • %ProgramFiles%\windows journal\templates\fac71w2 tsomq34 sperm hot (!) .zip.exe
  • %ProgramFiles%\microsoft office\templates\xxx [bangbus] hole zmc8ujp (c4w8hqa).zip.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\f07qtt sperm [free] rv0y8n .zip.exe
  • %ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\black ddqayq gay big (y8oxsqa).mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\ikdyfwhy xxx nom72kl glans lady (36mho73,karin).avi.exe
  • %ProgramFiles%\windows journal\templates\horse girls .rar.exe
  • %ProgramFiles%\windows sidebar\shared gadgets\f1i7cm xakmpl nom72kl nom72kl .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\nom72kl uncut 40+ (dehod0,karin).zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\yzw1afy l9hwcs7vvnphd9 hairy .mpg.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ikdyfwhy nude horse vjq39c1gwy young .zip.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\eq7k2xcxt horse mnho9y54 7vepaqjm .rar.exe
  • %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\nude nom72kl rv0y8n .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\upfgetx wep6b08 mzwpstr8n uncut .zip.exe
  • %CommonProgramFiles(x86)%\microsoft shared\asian h93bklf nom72kl titts eigt45 (c4w8hqa,rdl1tfkz).avi.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\f1i7cm xakmpl xxx uncut titts balls .zip.exe
  • %ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z1qxwcd sperm bd1l5ir big sm .avi.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\mzwpstr8n tsomq34 uncut cock .zip.exe
  • %ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt h93bklf mzwpstr8n apv53deiq9fw feet lady (2hbt8wr).avi.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 uncut hole .rar.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm porn nom72kl glans b37oavmx289 .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\w6csjja14n1 horse sgu4m7oc young (sonja).rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\f07qtt wep6b08 mnho9y54 girls .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\4h1e2a346 wep6b08 apv53deiq9fw gsva2xn (liz,dehod0).zip.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\fac71w2 8ok6yf mnho9y54 hot (!) (karin).mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\mzwpstr8n w6csjja14n1 ihthd33 lady .rar.exe
  • %ALLUSERSPROFILE%\templates\upfgetx wep6b08 vjq39c1gwy legs ae2sd7u4xh .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\beast ihthd33 glans balls .rar.exe
  • %ALLUSERSPROFILE%\templates\f1i7cm cum yzw1afy sgu4m7oc ol6p1tua (sandy,jade).zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\sperm [milf] lady .rar.exe
  • %ALLUSERSPROFILE%\microsoft\search\data\temp\horse vjq39c1gwy balls .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mzwpstr8n ihthd33 .mpeg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm w6csjja14n1 yzw1afy bq4kno feet sgoibhh .rar.exe
  • %ALLUSERSPROFILE%\templates\f07qtt horse xxx bq4kno sgoibhh .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe h93bklf beast uncut cock nrb42wq .mpg.exe
  • C:\users\default\appdata\local\temp\xxx epyxwn feet rv0y8n .rar.exe
  • C:\users\default\appdata\local\<INETFILES>\gzn4ud7e bd1l5ir sperm [milf] eigt45 .zip.exe
  • %ALLUSERSPROFILE%\microsoft\rac\temp\0287zh w6csjja14n1 tsomq34 vjq39c1gwy .mpg.exe
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\zc8giv9 nom72kl apv53deiq9fw (c4w8hqa).avi.exe
  • %ALLUSERSPROFILE%\microsoft\windows\templates\0287zh nom72kl cum 7vepaqjm .mpeg.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\mnho9y54 [free] .zip.exe
  • %ALLUSERSPROFILE%\templates\f07qtt mzwpstr8n girls (karin).rar.exe
  • C:\users\default\templates\gzn4ud7e wep6b08 yzw1afy l9hwcs7vvnphd9 glans mg9fvb2xk9 .mpg.exe
  • C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy cum l9hwcs7vvnphd9 .mpg.exe
  • C:\users\default\appdata\local\temp\eq7k2xcxt h93bklf 8ok6yf [free] young .mpeg.exe
  • C:\users\default\appdata\local\<INETFILES>\asian porn cum [free] zmc8ujp .rar.exe
  • C:\users\default\appdata\roaming\microsoft\windows\templates\z1qxwcd gay sperm bq4kno girly (c4w8hqa).zip.exe
  • C:\users\default\templates\8ok6yf bq4kno 779mipj (jade).rar.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\eq7k2xcxt xakmpl lpcu5ai3 sgu4m7oc (liz).mpg.exe
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\tsomq34 bq4kno ol6p1tua .rar.exe
  • %TEMP%\horse 7vepaqjm .zip.exe
  • %TEMP%\z1qxwcd 7nd83wovj ihthd33 boobs sweet (36mho73).mpg.exe
  • %LOCALAPPDATA%\<INETFILES>\z9z7rwe w6csjja14n1 lpcu5ai3 uncut .avi.exe
  • %LOCALAPPDATA%\<INETFILES>\wep6b08 [free] kfp2yqq mg9fvb2xk9 .mpg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\f07qtt 7nd83wovj sperm girls lzxyhb7k .rar.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\fac71w2 horse horse uncut (y8oxsqa).zip.exe
  • %LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\h93bklf ddqayq vjq39c1gwy fw58kpr41ob1w .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\nom72kl w6csjja14n1 [bangbus] lzxyhb7k .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\sperm girls cock .mpeg.exe
  • %LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\s2fkave nude h93bklf l9hwcs7vvnphd9 fishy .avi.exe
  • %APPDATA%\microsoft\templates\7b6fhxi h93bklf yzw1afy big young (gina,dehod0).rar.exe
  • %APPDATA%\microsoft\templates\lpcu5ai3 [bangbus] sgoibhh .rar.exe
  • %APPDATA%\microsoft\windows\templates\gay sgu4m7oc titts .rar.exe
  • %APPDATA%\microsoft\windows\templates\horse porn bq4kno gsva2xn .avi.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\f07qtt porn beast bq4kno lzxyhb7k .rar.exe
  • %APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\sperm [milf] lzxyhb7k .mpg.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f1i7cm horse beast ihthd33 rv0y8n .avi.exe
  • %APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\7b6fhxi xakmpl [free] .mpeg.exe
  • %HOMEPATH%\templates\jxaglwti lpcu5ai3 apv53deiq9fw ash nmibe2 (haj1oyikd).avi.exe
  • %HOMEPATH%\templates\eq7k2xcxt w6csjja14n1 xxx hot (!) feet wifey .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\nude bq4kno sgoibhh .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\zc8giv9 porn xxx uncut b37oavmx289 .mpg.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt porn yzw1afy uncut qx2j1b5 .rar.exe
  • %WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\xxx big cock .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\zc8giv9 mzwpstr8n ihthd33 lady (sonja).rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ 7nd83wovj l9hwcs7vvnphd9 feet shoes .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\fac71w2 cum tsomq34 hot (!) hole .mpg.exe
  • %WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\eq7k2xcxt xakmpl xxx 7vepaqjm glans b37oavmx289 .rar.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\porn epyxwn hole lzxyhb7k .mpeg.exe
  • %WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\mzwpstr8n vjq39c1gwy .rar.exe
  • %WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\f07qtt bd1l5ir big .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black wep6b08 beast uncut feet js80j73 .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f07qtt cum sperm [free] b37oavmx289 .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec cum horse [bangbus] glans fw58kpr41ob1w .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\eq7k2xcxt nude yzw1afy epyxwn titts eigt45 .mpg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f07qtt wep6b08 gay sgu4m7oc .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\upfgetx bd1l5ir sperm [milf] hole .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\porn 8ok6yf [bangbus] sm .avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\mzwpstr8n nom72kl [milf] 50+ (gina,cy4xpd).rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\black horse gay vjq39c1gwy boots .mpeg.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\gzn4ud7e 8ok6yf tsomq34 [milf] .avi.exe
  • %WINDIR%\assembly\temp\mzwpstr8n hot (!) hole boots (c4w8hqa).avi.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\f07qtt w6csjja14n1 7vepaqjm legs .zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\viaz50 horse gay [bangbus] ash (36mho73,jenna).zip.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\eq7k2xcxt tsomq34 porn [bangbus] cock .mpg.exe
  • %WINDIR%\assembly\tmp\eq7k2xcxt horse yzw1afy girls ol6p1tua .rar.exe
  • %WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\horse nom72kl hot (!) .rar.exe
  • %WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\8ok6yf uncut lady .zip.exe
  • %WINDIR%\assembly\temp\4h1e2a346 sperm h93bklf [milf] kfp2yqq js80j73 .mpg.exe
  • %WINDIR%\assembly\tmp\mnho9y54 horse [free] legs (cy4xpd,sandy).zip.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\fac71w2 w6csjja14n1 sperm uncut glans nmibe2 .mpg.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\eq7k2xcxt nude tsomq34 uncut gsva2xn .mpg.exe
  • %WINDIR%\pla\templates\ bq4kno zn3tvn .mpg.exe
  • %WINDIR%\security\templates\black horse horse girls (cy4xpd).rar.exe
  • %WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\horse apv53deiq9fw ash wifey .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx h93bklf horse ihthd33 feet .mpeg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\sperm girls (2hbt8wr).mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\gay hot (!) glans lady .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\yzw1afy sgu4m7oc .zip.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\s2fkave 8ok6yf gay girls zn3tvn .avi.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\eq7k2xcxt bd1l5ir gay uncut balls .rar.exe
  • %WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\sperm 8ok6yf bq4kno .rar.exe
  • %WINDIR%\pla\templates\7b6fhxi horse ddqayq uncut sm (sarah,gina).rar.exe
  • %WINDIR%\syswow64\config\systemprofile\sperm sgu4m7oc 8pfmdyy .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\sperm ihthd33 cock .avi.exe
  • %WINDIR%\security\templates\jxaglwti 7nd83wovj ddqayq sgu4m7oc balls .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\jxaglwti tsomq34 epyxwn (haj1oyikd).avi.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\local\temp\h93bklf [milf] .mpg.exe
  • %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\tsomq34 nom72kl glans sweet .mpeg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\beast sgu4m7oc girly (36mho73).rar.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\local\temp\nom72kl big .mpg.exe
  • %WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\wep6b08 lpcu5ai3 girls mg9fvb2xk9 (sandy,dehod0).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\ikdyfwhy wep6b08 hot (!) sweet .mpg.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\xakmpl uncut wifey (sonja,sarah).mpeg.exe
  • %WINDIR%\syswow64\fxstmp\z1qxwcd nom72kl epyxwn lady .mpg.exe
  • %WINDIR%\syswow64\ime\shared\s2fkave bd1l5ir beast hot (!) .mpeg.exe
  • %WINDIR%\syswow64\config\systemprofile\f07qtt h93bklf horse vjq39c1gwy glans .zip.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt horse 7vepaqjm hole .rar.exe
  • %WINDIR%\syswow64\fxstmp\ikdyfwhy gay girls .rar.exe
  • %WINDIR%\syswow64\ime\shared\wep6b08 mzwpstr8n epyxwn fishy (sonja).avi.exe
  • %WINDIR%\syswow64\fxstmp\8r3baiec cum mzwpstr8n [bangbus] b37oavmx289 .avi.exe
  • %WINDIR%\temp\ikdyfwhy lpcu5ai3 epyxwn feet 779mipj .avi.exe
  • %WINDIR%\syswow64\config\systemprofile\z1qxwcd xakmpl tsomq34 [milf] balls (36mho73).avi.exe
  • %WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 cum horse [bangbus] feet .mpeg.exe
  • %WINDIR%\syswow64\fxstmp\0287zh horse apv53deiq9fw ash 50+ .mpg.exe
  • %WINDIR%\syswow64\ime\shared\gzn4ud7e w6csjja14n1 nude [free] wifey .mpg.exe
  • %WINDIR%\temp\jxaglwti lpcu5ai3 girls (gina).zip.exe
  • %WINDIR%\winsxs\installtemp\horse gay [milf] .rar.exe
  • %WINDIR%\winsxs\installtemp\gzn4ud7e sperm girls hole (sonja).mpg.exe
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play