Trojan.KillProc2.25162

Added to the Dr.Web virus database: 2025-07-09

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.