Trojan.KillProc2.28518

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\fac71w2 horse nude hot (!) feet (rdl1tfkz).mpeg.exe
%ProgramFiles%\dvd maker\shared\f07qtt wep6b08 ddqayq ihthd33 girly .avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\7nd83wovj horse girls (36mho73).mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\7b6fhxi wep6b08 [bangbus] nmibe2 .rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\black lpcu5ai3 h93bklf uncut hole .mpeg.exe
%ProgramFiles%\microsoft office\templates\z1qxwcd mnho9y54 gay hot (!) js80j73 .mpg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\7b6fhxi gay nude [milf] sweet (rdl1tfkz,gina).avi.exe
%ProgramFiles%\windows journal\templates\ sgu4m7oc boots (haj1oyikd).mpeg.exe
%ProgramFiles%\windows sidebar\shared gadgets\gzn4ud7e tsomq34 vjq39c1gwy (haj1oyikd).rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\nude horse nom72kl 8pfmdyy (cy4xpd,sonja).mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\7b6fhxi ddqayq sperm vjq39c1gwy jxqgtp nmibe2 (sonja,sonja).mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\nude big cock lady .mpg.exe
%CommonProgramFiles(x86)%\microsoft shared\porn [bangbus] .rar.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\ikdyfwhy nude vjq39c1gwy feet .zip.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\8r3baiec gay 8ok6yf [bangbus] glans balls .zip.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\ikdyfwhy cum xxx bq4kno 8bgkvshe1 .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\black xakmpl [free] b37oavmx289 (sandy).mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec girls .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx h93bklf sgu4m7oc .rar.exe
%ALLUSERSPROFILE%\templates\tsomq34 vjq39c1gwy lady .avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\0287zh xxx hot (!) .rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\h93bklf cum nom72kl (36mho73).mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\viaz50 sperm sperm uncut shoes .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx gay horse nom72kl 8pfmdyy .mpg.exe
%ALLUSERSPROFILE%\templates\asian horse mzwpstr8n big cock .mpg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\xxx girls mg9fvb2xk9 .mpg.exe
C:\users\default\appdata\local\temp\s2fkave ddqayq [milf] js80j73 .zip.exe
C:\users\default\appdata\local\<INETFILES>\f1i7cm mnho9y54 apv53deiq9fw legs mg9fvb2xk9 .rar.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\eq7k2xcxt yzw1afy [bangbus] ash 40+ (sandy).mpg.exe
C:\users\default\templates\porn 7vepaqjm sm .avi.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\z9z7rwe yzw1afy 7nd83wovj apv53deiq9fw zn3tvn (c4w8hqa).mpeg.exe
%TEMP%\viaz50 cum sgu4m7oc young (gina).mpeg.exe
%LOCALAPPDATA%\<INETFILES>\gay [bangbus] .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\f1i7cm xakmpl bd1l5ir apv53deiq9fw sweet .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\black ddqayq [free] latex .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\ mnho9y54 [free] hotel .avi.exe
%APPDATA%\microsoft\templates\4h1e2a346 mzwpstr8n uncut ash sgoibhh .rar.exe
%APPDATA%\microsoft\windows\templates\z9z7rwe sperm h93bklf l9hwcs7vvnphd9 zmc8ujp .rar.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\jxaglwti gay [milf] hole .zip.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\jxaglwti tsomq34 cum [free] sgoibhh .zip.exe
%HOMEPATH%\templates\gzn4ud7e 7nd83wovj mnho9y54 sgu4m7oc .avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\7nd83wovj porn epyxwn hole (jade,sonja).zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\yzw1afy big ae2sd7u4xh .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\bd1l5ir vjq39c1gwy legs .rar.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ikdyfwhy nom72kl [bangbus] jxqgtp .rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\viaz50 xxx nom72kl 7vepaqjm 8bgkvshe1 .zip.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\ikdyfwhy horse l9hwcs7vvnphd9 balls (y8oxsqa,sonja).mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\eq7k2xcxt beast ddqayq ihthd33 qx2j1b5 .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\nom72kl beast big .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\gzn4ud7e beast ihthd33 young .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\ikdyfwhy 8ok6yf hot (!) eigt45 (sarah).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\4h1e2a346 xakmpl vjq39c1gwy cock fishy .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\ddqayq cum bq4kno .mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\nude bq4kno feet .mpg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\0287zh horse 7vepaqjm ejn547rbxhd1 (y8oxsqa,sonja).zip.exe
%WINDIR%\assembly\temp\lpcu5ai3 l9hwcs7vvnphd9 gh5b6gd7wrv .mpg.exe
%WINDIR%\assembly\tmp\0287zh sperm h93bklf big qx2j1b5 (c4w8hqa,jenna).mpg.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\black nude gay [milf] kfp2yqq .avi.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\lpcu5ai3 [milf] 50+ .rar.exe
%WINDIR%\pla\templates\bd1l5ir [milf] jxqgtp qx2j1b5 .mpg.exe
%WINDIR%\security\templates\4h1e2a346 horse [bangbus] .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx gay l9hwcs7vvnphd9 young (jade,haj1oyikd).mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\xakmpl lpcu5ai3 girls hairy .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\eq7k2xcxt sperm h93bklf [bangbus] balls .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n hot (!) hole gsva2xn (y8oxsqa,sarah).mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\w6csjja14n1 7nd83wovj epyxwn ash eigt45 (sonja).rar.exe
%WINDIR%\syswow64\config\systemprofile\upfgetx nude w6csjja14n1 girls kfp2yqq qq6w54yfhtqrbwcslg .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\asian w6csjja14n1 nom72kl boobs qq6w54yfhtqrbwcslg .rar.exe
%WINDIR%\syswow64\fxstmp\jxaglwti cum uncut hole (karin,gina).mpeg.exe
%WINDIR%\syswow64\ime\shared\gay lpcu5ai3 [bangbus] zmc8ujp .rar.exe
%WINDIR%\syswow64\config\systemprofile\8r3baiec tsomq34 uncut feet .rar.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f07qtt mzwpstr8n sgu4m7oc hotel (2hbt8wr,36mho73).mpg.exe
%WINDIR%\syswow64\fxstmp\ikdyfwhy h93bklf sgu4m7oc .avi.exe
%WINDIR%\syswow64\ime\shared\8r3baiec horse mzwpstr8n bq4kno young .avi.exe
%WINDIR%\temp\8r3baiec beast girls .mpg.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations

Free trial