Trojan.KillProc2.25520

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\s2fkave horse yzw1afy big titts .zip.exe
%ProgramFiles%\dvd maker\shared\fac71w2 porn sperm bq4kno 40+ (haj1oyikd,liz).avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\gzn4ud7e cum mnho9y54 nom72kl gsva2xn .zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\beast big wifey .mpg.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\gay uncut eigt45 .zip.exe
%ProgramFiles%\microsoft office\templates\xxx [bangbus] titts fw58kpr41ob1w .avi.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\gay epyxwn cock .mpg.exe
%ProgramFiles%\windows journal\templates\horse bq4kno .zip.exe
%ProgramFiles%\windows sidebar\shared gadgets\mnho9y54 [bangbus] (liz).rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\tsomq34 uncut feet .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\black 7nd83wovj horse l9hwcs7vvnphd9 ash .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\tsomq34 big .mpg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\f07qtt 8ok6yf mzwpstr8n big hole .zip.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\mnho9y54 apv53deiq9fw feet .mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\tsomq34 7vepaqjm hotel .zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\xxx [free] feet balls (y8oxsqa).rar.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gzn4ud7e w6csjja14n1 nom72kl big (g6u8n4r).zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx cum sperm nom72kl ash (haj1oyikd,g6u8n4r).zip.exe
%ALLUSERSPROFILE%\templates\black xakmpl gay nom72kl titts wifey (jade).rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\tsomq34 7vepaqjm cock (rdl1tfkz,c4w8hqa).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\lpcu5ai3 girls feet .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\upfgetx bd1l5ir mnho9y54 uncut hole sm .rar.exe
%ALLUSERSPROFILE%\templates\s2fkave xakmpl yzw1afy ihthd33 glans nmibe2 .avi.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\yzw1afy girls .mpeg.exe
C:\users\default\appdata\local\temp\f07qtt bd1l5ir tsomq34 big lady (sonja,g6u8n4r).rar.exe
C:\users\default\appdata\local\<INETFILES>\beast [milf] .avi.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\upfgetx wep6b08 hot (!) feet hairy (sarah).mpeg.exe
C:\users\default\templates\yzw1afy [milf] zn3tvn (hyo87il,2hbt8wr).zip.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\gay epyxwn eigt45 .mpg.exe
%TEMP%\f1i7cm 7nd83wovj mnho9y54 uncut feet .mpg.exe
%LOCALAPPDATA%\<INETFILES>\z9z7rwe cum nom72kl [bangbus] feet 8pfmdyy (y8oxsqa).rar.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\lpcu5ai3 [free] gsva2xn .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\eq7k2xcxt horse yzw1afy [free] ash .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\gay vjq39c1gwy (g6u8n4r).zip.exe
%APPDATA%\microsoft\templates\upfgetx h93bklf mnho9y54 [bangbus] sm .zip.exe
%APPDATA%\microsoft\windows\templates\black 8ok6yf gay uncut cock eigt45 .mpg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\f1i7cm h93bklf mnho9y54 l9hwcs7vvnphd9 titts (sonja,sarah).zip.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\f1i7cm w6csjja14n1 horse uncut glans latex .mpg.exe
%HOMEPATH%\templates\yzw1afy ihthd33 glans zmc8ujp (karin).mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gzn4ud7e ddqayq gay nom72kl ash .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\s2fkave horse horse [free] hairy .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\sperm girls glans girly .rar.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\z9z7rwe ddqayq horse girls glans .avi.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\eq7k2xcxt ddqayq yzw1afy epyxwn cock 779mipj (cy4xpd).avi.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\z9z7rwe wep6b08 mnho9y54 7vepaqjm ol6p1tua .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\z1qxwcd sperm 7vepaqjm .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\z9z7rwe nude nom72kl apv53deiq9fw sm (hyo87il,dxocjwba).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z9z7rwe h93bklf hot (!) hole .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\tsomq34 hot (!) cock .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\gzn4ud7e ddqayq lpcu5ai3 sgu4m7oc .rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\gzn4ud7e 7nd83wovj lpcu5ai3 7vepaqjm cock .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\s2fkave 7nd83wovj tsomq34 [bangbus] eigt45 .avi.exe
%WINDIR%\assembly\temp\8r3baiec 7nd83wovj gay [bangbus] 8pfmdyy .rar.exe
%WINDIR%\assembly\tmp\s2fkave xakmpl lpcu5ai3 bq4kno sm .rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\ 7vepaqjm qq6w54yfhtqrbwcslg .mpg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\gzn4ud7e cum nom72kl [free] (2hbt8wr).zip.exe
%WINDIR%\pla\templates\z9z7rwe 8ok6yf mzwpstr8n nom72kl (dxocjwba).avi.exe
%WINDIR%\security\templates\8r3baiec w6csjja14n1 l9hwcs7vvnphd9 boots .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe xakmpl lpcu5ai3 nom72kl titts ash (2hbt8wr).mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\z9z7rwe ddqayq lpcu5ai3 apv53deiq9fw .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\s2fkave horse yzw1afy epyxwn hotel .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe horse gay [free] cock .rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\beast sgu4m7oc feet .zip.exe
%WINDIR%\syswow64\config\systemprofile\porn xxx girls (sarah).avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\8r3baiec ddqayq mnho9y54 bq4kno (y8oxsqa).mpeg.exe
%WINDIR%\syswow64\fxstmp\viaz50 xxx [free] boots .mpg.exe
%WINDIR%\syswow64\ime\shared\sperm girls ejn547rbxhd1 .mpg.exe
%WINDIR%\syswow64\config\systemprofile\gzn4ud7e 8ok6yf mnho9y54 sgu4m7oc qq6w54yfhtqrbwcslg .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ [bangbus] .mpg.exe
%WINDIR%\syswow64\fxstmp\eq7k2xcxt 7nd83wovj xxx sgu4m7oc hotel .rar.exe
%WINDIR%\syswow64\ime\shared\yzw1afy uncut .zip.exe
%WINDIR%\temp\lpcu5ai3 [free] glans .mpg.exe
%WINDIR%\winsxs\installtemp\7nd83wovj nom72kl epyxwn .rar.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial