Trojan.KillProc2.29869

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\gay sperm epyxwn (sandy).mpeg.exe
%ProgramFiles%\dvd maker\shared\sperm [milf] ash mg9fvb2xk9 .zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\s2fkave horse h93bklf l9hwcs7vvnphd9 lzxyhb7k .zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\black lpcu5ai3 7vepaqjm kfp2yqq (dehod0,y8oxsqa).mpg.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\asian bd1l5ir nom72kl (liz,rdl1tfkz).mpg.exe
%ProgramFiles%\microsoft office\templates\asian mnho9y54 epyxwn sgoibhh .mpeg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\8r3baiec tsomq34 bq4kno js80j73 .mpeg.exe
%ProgramFiles%\windows journal\templates\wpjwijv nude horse [free] .mpg.exe
%ProgramFiles%\windows sidebar\shared gadgets\tsomq34 uncut zn3tvn .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\0287zh horse xxx sgu4m7oc shoes (hyo87il,36mho73).mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\mnho9y54 uncut .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\wpjwijv w6csjja14n1 yzw1afy vjq39c1gwy gsva2xn .rar.exe
%CommonProgramFiles(x86)%\microsoft shared\nude apv53deiq9fw nmibe2 (haj1oyikd,dxocjwba).mpeg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\z9z7rwe xakmpl gay uncut .zip.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\xakmpl w6csjja14n1 [bangbus] girly .zip.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe 7nd83wovj epyxwn ash fw58kpr41ob1w .rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\jxaglwti porn sperm apv53deiq9fw fishy .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\0287zh h93bklf xakmpl [bangbus] balls .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe yzw1afy nom72kl glans latex .avi.exe
%ALLUSERSPROFILE%\templates\horse mzwpstr8n l9hwcs7vvnphd9 lady .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\ddqayq xxx apv53deiq9fw .zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\porn vjq39c1gwy .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\sperm [milf] (sandy,karin).mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec h93bklf nom72kl vjq39c1gwy 779mipj (cy4xpd).mpg.exe
%ALLUSERSPROFILE%\templates\wpjwijv cum apv53deiq9fw ash shoes .avi.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\jxaglwti h93bklf [milf] eigt45 .mpg.exe
C:\users\default\appdata\local\temp\jxaglwti uncut lady (sonja).mpg.exe
C:\users\default\appdata\local\<INETFILES>\f07qtt horse epyxwn legs lzxyhb7k (sonja,36mho73).avi.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\porn yzw1afy uncut girly (jenna,y8oxsqa).mpg.exe
C:\users\default\templates\nude nude big glans .rar.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\8ok6yf bq4kno .zip.exe
%TEMP%\beast apv53deiq9fw gsva2xn (c4w8hqa).avi.exe
%LOCALAPPDATA%\<INETFILES>\fac71w2 yzw1afy vjq39c1gwy .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\z1qxwcd nom72kl xakmpl l9hwcs7vvnphd9 sweet .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\ikdyfwhy horse hot (!) qq6w54yfhtqrbwcslg (2hbt8wr,jenna).avi.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\f1i7cm 7nd83wovj w6csjja14n1 apv53deiq9fw hole .avi.exe
%APPDATA%\microsoft\templates\8r3baiec tsomq34 ihthd33 js80j73 (y8oxsqa,jade).mpg.exe
%APPDATA%\microsoft\windows\templates\porn [milf] titts .mpg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\ l9hwcs7vvnphd9 feet fishy .zip.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\z9z7rwe xxx uncut .mpg.exe
%HOMEPATH%\templates\4h1e2a346 bd1l5ir mzwpstr8n bq4kno legs .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gzn4ud7e xxx bq4kno feet ejn547rbxhd1 .zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\7nd83wovj [free] nmibe2 .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\black horse hot (!) jxqgtp 40+ .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\black mzwpstr8n girls mg9fvb2xk9 .rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\7b6fhxi tsomq34 nude apv53deiq9fw b37oavmx289 .rar.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\8r3baiec gay hot (!) sweet .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\8ok6yf horse l9hwcs7vvnphd9 gsva2xn .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\upfgetx nom72kl [milf] (2hbt8wr).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\asian yzw1afy lpcu5ai3 big js80j73 .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\viaz50 nude 7vepaqjm nmibe2 .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f07qtt sperm tsomq34 l9hwcs7vvnphd9 legs fishy .rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\nude big nmibe2 .mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\8ok6yf xxx big hole .mpg.exe
%WINDIR%\assembly\temp\h93bklf gay l9hwcs7vvnphd9 ash .zip.exe
%WINDIR%\assembly\tmp\f07qtt h93bklf ihthd33 jxqgtp sweet (sonja,sonja).mpg.exe
%WINDIR%\pla\templates\asian mzwpstr8n [bangbus] kfp2yqq (cy4xpd,rdl1tfkz).mpeg.exe
%WINDIR%\security\templates\bd1l5ir cum ihthd33 .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\7b6fhxi bd1l5ir uncut jxqgtp zmc8ujp (c4w8hqa,gina).mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\gay yzw1afy [free] jxqgtp .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\porn horse big hairy .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\nom72kl bq4kno .avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black h93bklf 8ok6yf sgu4m7oc girly .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\7b6fhxi beast vjq39c1gwy b37oavmx289 (2hbt8wr,dehod0).avi.exe
%WINDIR%\syswow64\config\systemprofile\0287zh sperm [free] glans .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n sperm girls boobs gh5b6gd7wrv (sonja).avi.exe
%WINDIR%\syswow64\fxstmp\ddqayq mnho9y54 bq4kno titts lzxyhb7k .mpg.exe
%WINDIR%\syswow64\ime\shared\ddqayq mnho9y54 [milf] hole sweet .rar.exe
%WINDIR%\syswow64\config\systemprofile\horse nom72kl ihthd33 .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\asian horse tsomq34 hot (!) legs 40+ (cy4xpd).zip.exe
%WINDIR%\syswow64\fxstmp\jxaglwti xakmpl sperm epyxwn hotel (sonja,dehod0).mpg.exe
%WINDIR%\syswow64\ime\shared\ikdyfwhy cum uncut 50+ (cy4xpd,gina).zip.exe
%WINDIR%\temp\cum nude [milf] .zip.exe
%WINDIR%\winsxs\installtemp\7b6fhxi horse sgu4m7oc gh5b6gd7wrv (sonja).zip.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations

Free trial