Trojan.KillProc2.25531

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\f07qtt horse yzw1afy girls js80j73 (hyo87il,c4w8hqa).mpg.exe
%ProgramFiles%\dvd maker\shared\upfgetx porn yzw1afy 7vepaqjm .rar.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\mnho9y54 vjq39c1gwy hole (hyo87il,sarah).mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\gzn4ud7e xakmpl lpcu5ai3 girls (sarah).zip.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\horse uncut glans nrb42wq .mpeg.exe
%ProgramFiles%\microsoft office\templates\f1i7cm xakmpl l9hwcs7vvnphd9 .mpeg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\eq7k2xcxt h93bklf sperm nom72kl hole gsva2xn (karin).mpeg.exe
%ProgramFiles%\windows journal\templates\yzw1afy 7vepaqjm titts eigt45 .mpg.exe
%ProgramFiles%\windows sidebar\shared gadgets\gzn4ud7e porn nom72kl girls rv0y8n .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\f1i7cm porn xxx epyxwn boots .mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\f07qtt h93bklf tsomq34 epyxwn (2hbt8wr).mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\horse l9hwcs7vvnphd9 wifey .rar.exe
%CommonProgramFiles(x86)%\microsoft shared\horse l9hwcs7vvnphd9 nmibe2 .mpg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black h93bklf mnho9y54 sgu4m7oc .avi.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\gzn4ud7e xakmpl xxx vjq39c1gwy titts 6tl9zg0uqa .mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\upfgetx horse mzwpstr8n big cock .zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\mzwpstr8n vjq39c1gwy .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx wep6b08 beast big glans js80j73 (c4w8hqa).avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt w6csjja14n1 tsomq34 [bangbus] (c4w8hqa).rar.exe
%ALLUSERSPROFILE%\templates\black porn gay vjq39c1gwy ejn547rbxhd1 .avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\nom72kl apv53deiq9fw cock .rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt 7nd83wovj sperm sgu4m7oc titts 50+ .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\black horse gay girls feet (hyo87il,y8oxsqa).mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\ ihthd33 (c4w8hqa).rar.exe
%ALLUSERSPROFILE%\templates\mzwpstr8n sgu4m7oc .mpeg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ 7vepaqjm qq6w54yfhtqrbwcslg .zip.exe
C:\users\default\appdata\local\temp\8r3baiec w6csjja14n1 mnho9y54 7vepaqjm .avi.exe
C:\users\default\appdata\local\<INETFILES>\z9z7rwe 7nd83wovj sperm epyxwn boots .mpg.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\z9z7rwe 7nd83wovj mzwpstr8n hot (!) girly (dehod0,2hbt8wr).mpeg.exe
C:\users\default\templates\yzw1afy uncut cock .mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\upfgetx cum nom72kl hot (!) .mpeg.exe
%TEMP%\xxx bq4kno .avi.exe
%LOCALAPPDATA%\<INETFILES>\eq7k2xcxt nude mnho9y54 [bangbus] mg9fvb2xk9 .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\mzwpstr8n vjq39c1gwy .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\fac71w2 w6csjja14n1 mzwpstr8n 7vepaqjm cock nrb42wq .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\nom72kl nom72kl (c4w8hqa).zip.exe
%APPDATA%\microsoft\templates\z9z7rwe h93bklf gay bq4kno young .mpeg.exe
%APPDATA%\microsoft\windows\templates\xxx [milf] (sarah).rar.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\s2fkave nude mnho9y54 nom72kl titts qq6w54yfhtqrbwcslg .mpg.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\8r3baiec 7nd83wovj lpcu5ai3 7vepaqjm (2hbt8wr).mpeg.exe
%HOMEPATH%\templates\f1i7cm xakmpl gay nom72kl hole (haj1oyikd,liz).mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\fac71w2 8ok6yf sperm l9hwcs7vvnphd9 cock fishy (sarah).avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\xxx hot (!) glans .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mnho9y54 [free] eigt45 .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\eq7k2xcxt w6csjja14n1 mzwpstr8n epyxwn (sarah).mpg.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\eq7k2xcxt 7nd83wovj gay apv53deiq9fw ol6p1tua (rdl1tfkz,2hbt8wr).mpg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\tsomq34 apv53deiq9fw ash .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\nom72kl sgu4m7oc (2hbt8wr).rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\tsomq34 sgu4m7oc (g6u8n4r).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec porn yzw1afy [bangbus] feet (sonja,liz).zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\yzw1afy [milf] mg9fvb2xk9 .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\xxx epyxwn boots .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f07qtt bd1l5ir lpcu5ai3 nom72kl feet .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f07qtt xakmpl horse sgu4m7oc glans fishy (jade).avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\eq7k2xcxt 8ok6yf beast big glans nmibe2 .mpg.exe
%WINDIR%\assembly\temp\fac71w2 cum nom72kl 7vepaqjm .mpeg.exe
%WINDIR%\assembly\tmp\black nude sperm [bangbus] .mpeg.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\f07qtt cum sperm girls glans js80j73 .mpg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black horse sperm [milf] glans ash .avi.exe
%WINDIR%\pla\templates\8r3baiec bd1l5ir mzwpstr8n nom72kl (cy4xpd).zip.exe
%WINDIR%\security\templates\beast [free] feet b37oavmx289 (y8oxsqa).rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\fac71w2 8ok6yf girls lady .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt wep6b08 beast vjq39c1gwy wifey .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z9z7rwe h93bklf gay ihthd33 js80j73 .avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\gay vjq39c1gwy qq6w54yfhtqrbwcslg .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gzn4ud7e cum nom72kl ihthd33 hole gsva2xn .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\ [free] cock .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\ vjq39c1gwy feet .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\fac71w2 h93bklf horse l9hwcs7vvnphd9 .mpeg.exe
%WINDIR%\syswow64\fxstmp\ hot (!) cock (sonja,y8oxsqa).mpg.exe
%WINDIR%\syswow64\ime\shared\f1i7cm h93bklf yzw1afy big latex .rar.exe
%WINDIR%\syswow64\config\systemprofile\mzwpstr8n sgu4m7oc mg9fvb2xk9 .mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gay big hole girly .mpg.exe
%WINDIR%\syswow64\fxstmp\horse uncut feet (haj1oyikd,cy4xpd).mpg.exe
%WINDIR%\syswow64\ime\shared\beast bq4kno cock zn3tvn (dxocjwba).mpeg.exe
%WINDIR%\temp\tsomq34 uncut (c4w8hqa).mpeg.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations

Free trial