Trojan.KillProc2.25209

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\f1i7cm gay nude sgu4m7oc 40+ .rar.exe
%ProgramFiles%\dvd maker\shared\gzn4ud7e xxx hot (!) .rar.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\mnho9y54 gay hot (!) kfp2yqq ejn547rbxhd1 (2hbt8wr).mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\viaz50 tsomq34 nom72kl hole lady .rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\eq7k2xcxt bd1l5ir sperm [bangbus] jxqgtp .zip.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\jxaglwti nom72kl wep6b08 [bangbus] ash .avi.exe
%ProgramFiles%\windows journal\templates\7nd83wovj sgu4m7oc kfp2yqq mg9fvb2xk9 (2hbt8wr,liz).avi.exe
%ProgramFiles%\windows sidebar\shared gadgets\tsomq34 nom72kl (jade,36mho73).mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\asian bd1l5ir beast epyxwn gsva2xn (sandy).avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\nude apv53deiq9fw legs .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\cum ddqayq hot (!) qq6w54yfhtqrbwcslg .mpeg.exe
%CommonProgramFiles(x86)%\microsoft shared\porn [bangbus] b37oavmx289 .avi.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\w6csjja14n1 epyxwn gh5b6gd7wrv .rar.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\zc8giv9 tsomq34 uncut kfp2yqq 779mipj .avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\mzwpstr8n [free] .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe cum [milf] cock .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\w6csjja14n1 bq4kno .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\horse 7nd83wovj [bangbus] feet (sandy,36mho73).rar.exe
%ALLUSERSPROFILE%\templates\xakmpl wep6b08 hot (!) kfp2yqq mg9fvb2xk9 (rdl1tfkz,rdl1tfkz).mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm sperm sgu4m7oc hole hotel .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\viaz50 wep6b08 tsomq34 [bangbus] glans .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\asian lpcu5ai3 [bangbus] .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\viaz50 xakmpl hot (!) .mpeg.exe
%ALLUSERSPROFILE%\templates\mzwpstr8n [free] kfp2yqq 40+ .avi.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\f07qtt mnho9y54 nom72kl nrb42wq (rdl1tfkz).avi.exe
C:\users\default\appdata\local\temp\ddqayq [free] .rar.exe
C:\users\default\appdata\local\<INETFILES>\xxx tsomq34 [bangbus] .zip.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\f1i7cm w6csjja14n1 uncut kfp2yqq zn3tvn .mpeg.exe
C:\users\default\templates\z1qxwcd yzw1afy 8ok6yf girls ejn547rbxhd1 .mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\bd1l5ir girls boots .rar.exe
%TEMP%\upfgetx lpcu5ai3 xxx 7vepaqjm 779mipj .zip.exe
%LOCALAPPDATA%\<INETFILES>\0287zh lpcu5ai3 8ok6yf [bangbus] gh5b6gd7wrv .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\porn uncut 8pfmdyy .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\xxx [free] sgoibhh .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\0287zh horse girls (36mho73,gina).avi.exe
%APPDATA%\microsoft\templates\eq7k2xcxt h93bklf [milf] (jenna).mpg.exe
%APPDATA%\microsoft\windows\templates\jxaglwti horse epyxwn b37oavmx289 .avi.exe
%APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\z9z7rwe wep6b08 xakmpl big fishy .avi.exe
%APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\jxaglwti mzwpstr8n wep6b08 uncut kfp2yqq hairy .mpeg.exe
%HOMEPATH%\templates\xxx bq4kno (36mho73,y8oxsqa).rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gay wep6b08 bq4kno jxqgtp latex (2hbt8wr).rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\nude wep6b08 [bangbus] shoes .avi.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\xakmpl cum uncut ol6p1tua (y8oxsqa,c4w8hqa).rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\beast uncut (jenna).mpg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\z1qxwcd ddqayq cum apv53deiq9fw 779mipj .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\lpcu5ai3 gay l9hwcs7vvnphd9 cock mg9fvb2xk9 .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\w6csjja14n1 vjq39c1gwy cock nrb42wq .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\z1qxwcd ddqayq lpcu5ai3 7vepaqjm boobs wifey .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\sperm beast l9hwcs7vvnphd9 ash .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\zc8giv9 nude big b37oavmx289 .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\jxaglwti gay xxx [free] .zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\fac71w2 xakmpl gay ihthd33 eigt45 .rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\7b6fhxi ddqayq [milf] lady .avi.exe
%WINDIR%\assembly\temp\upfgetx gay mzwpstr8n [bangbus] legs .mpeg.exe
%WINDIR%\assembly\tmp\horse [free] boobs .mpeg.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\fac71w2 horse xakmpl vjq39c1gwy fishy .mpeg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\8r3baiec xxx ihthd33 ash sgoibhh .mpeg.exe
%WINDIR%\pla\templates\7b6fhxi lpcu5ai3 hot (!) .avi.exe
%WINDIR%\security\templates\porn nom72kl glans .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\f1i7cm tsomq34 nom72kl ejn547rbxhd1 (2hbt8wr).zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\mzwpstr8n gay 7vepaqjm .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z9z7rwe w6csjja14n1 ihthd33 sgoibhh .rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\horse l9hwcs7vvnphd9 js80j73 .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\8r3baiec xakmpl porn [milf] titts (cy4xpd,jade).rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\7b6fhxi h93bklf horse apv53deiq9fw boobs eigt45 (dehod0).mpeg.exe
%WINDIR%\syswow64\config\systemprofile\ikdyfwhy mzwpstr8n sperm uncut boobs .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\0287zh h93bklf lpcu5ai3 bq4kno .rar.exe
%WINDIR%\syswow64\ime\shared\0287zh yzw1afy bd1l5ir uncut boobs zmc8ujp .zip.exe
%WINDIR%\syswow64\config\systemprofile\ddqayq w6csjja14n1 vjq39c1gwy gh5b6gd7wrv (jade).rar.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nom72kl uncut 40+ .avi.exe
%WINDIR%\syswow64\fxstmp\7b6fhxi h93bklf horse uncut rv0y8n .mpeg.exe
%WINDIR%\syswow64\ime\shared\f07qtt lpcu5ai3 vjq39c1gwy hole lzxyhb7k (rdl1tfkz).mpg.exe
%WINDIR%\temp\viaz50 beast uncut .zip.exe
%WINDIR%\winsxs\installtemp\yzw1afy beast ihthd33 (36mho73).mpg.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations

Free trial