Trojan.KillProc2.25462

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\cum big .zip.exe
%ProgramFiles%\dvd maker\shared\beast nude sgu4m7oc qq6w54yfhtqrbwcslg .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\nom72kl uncut jxqgtp ae2sd7u4xh .avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\mzwpstr8n [free] latex (36mho73).rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\z1qxwcd horse sgu4m7oc rv0y8n (dxocjwba).mpeg.exe
%ProgramFiles%\microsoft office\templates\fac71w2 mzwpstr8n [free] (sarah).mpeg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\ [bangbus] ae2sd7u4xh (dehod0,rdl1tfkz).zip.exe
%ProgramFiles%\windows journal\templates\ddqayq vjq39c1gwy eigt45 .avi.exe
%ProgramFiles%\windows sidebar\shared gadgets\4h1e2a346 horse uncut .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\ikdyfwhy xakmpl ihthd33 shoes .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\7b6fhxi nom72kl vjq39c1gwy .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\zc8giv9 lpcu5ai3 h93bklf sgu4m7oc sm .zip.exe
%CommonProgramFiles(x86)%\microsoft shared\nude horse bq4kno qx2j1b5 .mpeg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\xakmpl yzw1afy nom72kl zn3tvn .mpeg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\gay [free] boobs .avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm tsomq34 uncut .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\8r3baiec mzwpstr8n ihthd33 8pfmdyy .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm bd1l5ir nom72kl .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\jxaglwti ddqayq vjq39c1gwy gh5b6gd7wrv .mpg.exe
%ALLUSERSPROFILE%\templates\wpjwijv bd1l5ir [bangbus] ash (y8oxsqa,2hbt8wr).rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\8r3baiec horse girls (jade,y8oxsqa).zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\z9z7rwe h93bklf [milf] titts 8bgkvshe1 .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\eq7k2xcxt mzwpstr8n [milf] ejn547rbxhd1 (sarah).rar.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\asian mzwpstr8n ihthd33 (sonja).zip.exe
C:\users\default\appdata\local\temp\z9z7rwe h93bklf w6csjja14n1 girls ol6p1tua .avi.exe
C:\users\default\appdata\local\<INETFILES>\porn w6csjja14n1 vjq39c1gwy .mpg.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\eq7k2xcxt 7nd83wovj bd1l5ir ihthd33 .mpg.exe
C:\users\default\templates\ikdyfwhy lpcu5ai3 hot (!) lady .rar.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\eq7k2xcxt nude epyxwn .rar.exe
%TEMP%\sperm [milf] .rar.exe
%LOCALAPPDATA%\<INETFILES>\viaz50 sperm ihthd33 balls .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\nude bq4kno kfp2yqq nmibe2 .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\asian cum [free] titts zmc8ujp (sonja,gina).mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\z1qxwcd h93bklf [bangbus] lzxyhb7k .zip.exe
%APPDATA%\microsoft\templates\upfgetx 7nd83wovj 7vepaqjm girly .mpeg.exe
%APPDATA%\microsoft\windows\templates\gzn4ud7e 7nd83wovj [free] .mpeg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\eq7k2xcxt mzwpstr8n vjq39c1gwy feet sweet .mpeg.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\f1i7cm lpcu5ai3 cum bq4kno mg9fvb2xk9 .mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\horse hot (!) kfp2yqq .zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\gay 7vepaqjm sweet .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\0287zh xxx ddqayq ihthd33 kfp2yqq .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\s2fkave beast 7nd83wovj [bangbus] b37oavmx289 (hyo87il).rar.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\0287zh bd1l5ir sgu4m7oc feet .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\horse 7vepaqjm gh5b6gd7wrv .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\yzw1afy cum big legs .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\7b6fhxi bd1l5ir 7vepaqjm .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mnho9y54 wep6b08 bq4kno ash girly .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\eq7k2xcxt 7nd83wovj xxx hot (!) jxqgtp boots .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\asian 8ok6yf yzw1afy [bangbus] (jade,jenna).mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\0287zh gay 7vepaqjm eigt45 .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\zc8giv9 horse yzw1afy l9hwcs7vvnphd9 boobs (hyo87il,jade).mpeg.exe
%WINDIR%\assembly\temp\bd1l5ir 7nd83wovj uncut ash .mpeg.exe
%WINDIR%\assembly\tmp\black gay horse [milf] titts shoes .mpeg.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\tsomq34 cum big ejn547rbxhd1 .zip.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\f1i7cm yzw1afy sperm [milf] (sarah,karin).zip.exe
%WINDIR%\pla\templates\f1i7cm h93bklf ihthd33 (jenna).zip.exe
%WINDIR%\security\templates\0287zh ddqayq horse nom72kl mg9fvb2xk9 (dxocjwba).mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\s2fkave horse horse epyxwn young .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\f1i7cm tsomq34 sgu4m7oc cock (c4w8hqa,hyo87il).mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\porn 8ok6yf big .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd porn epyxwn rv0y8n .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\f1i7cm beast nom72kl feet zmc8ujp .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\horse big fishy .avi.exe
%WINDIR%\syswow64\config\systemprofile\4h1e2a346 beast 7vepaqjm (sonja,2hbt8wr).mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n apv53deiq9fw .mpg.exe
%WINDIR%\syswow64\fxstmp\asian nude nom72kl zn3tvn .zip.exe
%WINDIR%\syswow64\ime\shared\bd1l5ir 7vepaqjm (jenna).zip.exe
%WINDIR%\syswow64\config\systemprofile\wpjwijv xakmpl uncut glans .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\8r3baiec porn mzwpstr8n sgu4m7oc .mpeg.exe
%WINDIR%\syswow64\fxstmp\h93bklf h93bklf vjq39c1gwy zn3tvn .mpg.exe
%WINDIR%\syswow64\ime\shared\viaz50 horse sperm big boobs hairy (rdl1tfkz,karin).mpg.exe
%WINDIR%\temp\gay h93bklf l9hwcs7vvnphd9 .mpeg.exe
%WINDIR%\winsxs\installtemp\w6csjja14n1 l9hwcs7vvnphd9 jxqgtp ejn547rbxhd1 .mpeg.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial