Trojan.KillProc2.25178

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\z9z7rwe xakmpl 7vepaqjm ash hairy .mpg.exe
%ProgramFiles%\dvd maker\shared\8r3baiec ddqayq uncut .avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\s2fkave cum beast big ash (gina).rar.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\f07qtt ddqayq ihthd33 (c4w8hqa).mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\wep6b08 girls gsva2xn .zip.exe
%ProgramFiles%\microsoft office\templates\asian h93bklf ddqayq nom72kl (y8oxsqa,karin).zip.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\yzw1afy [bangbus] (sonja,sonja).rar.exe
%ProgramFiles%\windows journal\templates\gzn4ud7e yzw1afy mzwpstr8n [milf] shoes (cy4xpd,liz).mpeg.exe
%ProgramFiles%\windows sidebar\shared gadgets\xxx 7nd83wovj 7vepaqjm jxqgtp fw58kpr41ob1w .rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\xxx nom72kl ol6p1tua .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\jxaglwti gay [milf] .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\7b6fhxi beast h93bklf big fw58kpr41ob1w (liz,sandy).mpeg.exe
%CommonProgramFiles(x86)%\microsoft shared\jxaglwti mzwpstr8n sgu4m7oc lady .zip.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\upfgetx 7nd83wovj tsomq34 [milf] .mpg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\black 7nd83wovj 7vepaqjm legs (cy4xpd).mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm xxx bq4kno gsva2xn .rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\lpcu5ai3 horse girls .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\7b6fhxi wep6b08 uncut nmibe2 (sonja).mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\zc8giv9 gay [bangbus] sgoibhh .zip.exe
%ALLUSERSPROFILE%\templates\wep6b08 big .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\wpjwijv 8ok6yf apv53deiq9fw b37oavmx289 .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\xakmpl vjq39c1gwy lzxyhb7k (sonja,cy4xpd).zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mzwpstr8n bq4kno mg9fvb2xk9 (y8oxsqa,rdl1tfkz).mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\8r3baiec tsomq34 nom72kl cock .mpg.exe
%ALLUSERSPROFILE%\templates\wpjwijv sperm nom72kl ihthd33 eigt45 .mpeg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd nom72kl sgu4m7oc .rar.exe
C:\users\default\appdata\local\temp\f07qtt horse h93bklf vjq39c1gwy jxqgtp .zip.exe
C:\users\default\appdata\local\<INETFILES>\z1qxwcd 7nd83wovj nom72kl nom72kl b37oavmx289 .avi.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\jxaglwti porn epyxwn .zip.exe
C:\users\default\templates\z9z7rwe h93bklf uncut nrb42wq .mpeg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\jxaglwti horse ihthd33 .mpeg.exe
%TEMP%\mzwpstr8n bq4kno .rar.exe
%LOCALAPPDATA%\<INETFILES>\4h1e2a346 horse yzw1afy [free] cock ol6p1tua .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\z9z7rwe porn [free] legs .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\mzwpstr8n ihthd33 legs .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\ikdyfwhy mnho9y54 cum epyxwn .zip.exe
%APPDATA%\microsoft\templates\jxaglwti wep6b08 bd1l5ir [free] feet sweet .zip.exe
%APPDATA%\microsoft\windows\templates\mzwpstr8n big glans js80j73 .mpg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\z9z7rwe wep6b08 hot (!) legs ae2sd7u4xh .avi.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\viaz50 cum 7vepaqjm lzxyhb7k .mpeg.exe
%HOMEPATH%\templates\black sperm beast l9hwcs7vvnphd9 lzxyhb7k .avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\jxaglwti lpcu5ai3 ihthd33 (2hbt8wr,sonja).zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f07qtt nom72kl [free] zmc8ujp (jenna).rar.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\f1i7cm horse ihthd33 .avi.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\tsomq34 girls .avi.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\gay 7vepaqjm legs qx2j1b5 (gina).rar.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\nom72kl nom72kl (sonja,2hbt8wr).zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\wep6b08 mnho9y54 apv53deiq9fw 8bgkvshe1 .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\s2fkave wep6b08 bq4kno cock mg9fvb2xk9 (jenna,c4w8hqa).zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black horse lpcu5ai3 [milf] eigt45 .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\asian 8ok6yf yzw1afy uncut .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\z1qxwcd nom72kl sperm bq4kno glans .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\8ok6yf hot (!) zn3tvn .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\mnho9y54 beast epyxwn young (rdl1tfkz,c4w8hqa).rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\jxaglwti w6csjja14n1 h93bklf girls shoes (karin).avi.exe
%WINDIR%\assembly\temp\mzwpstr8n [bangbus] .rar.exe
%WINDIR%\assembly\tmp\f07qtt 7nd83wovj vjq39c1gwy hole (y8oxsqa).rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\asian lpcu5ai3 gay 7vepaqjm balls .mpg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\7b6fhxi ddqayq vjq39c1gwy .rar.exe
%WINDIR%\pla\templates\7nd83wovj [milf] titts sweet .mpeg.exe
%WINDIR%\security\templates\7b6fhxi cum 8ok6yf l9hwcs7vvnphd9 jxqgtp .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\7b6fhxi porn h93bklf nom72kl hole .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave gay ddqayq vjq39c1gwy titts .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\xakmpl w6csjja14n1 sgu4m7oc cock hotel (dehod0,gina).mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\0287zh mnho9y54 l9hwcs7vvnphd9 ash (sonja).zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black bd1l5ir ihthd33 jxqgtp wifey .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\zc8giv9 beast [milf] hole sgoibhh (karin,hyo87il).mpg.exe
%WINDIR%\syswow64\config\systemprofile\lpcu5ai3 gay 7vepaqjm (dehod0).mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt lpcu5ai3 porn epyxwn lady .zip.exe
%WINDIR%\syswow64\fxstmp\ yzw1afy uncut qx2j1b5 .mpeg.exe
%WINDIR%\syswow64\ime\shared\zc8giv9 horse bq4kno titts eigt45 (dehod0,jenna).mpeg.exe
%WINDIR%\syswow64\config\systemprofile\viaz50 mzwpstr8n 7nd83wovj [bangbus] legs eigt45 .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f07qtt horse epyxwn mg9fvb2xk9 .avi.exe
%WINDIR%\syswow64\fxstmp\horse epyxwn young (2hbt8wr,y8oxsqa).mpg.exe
%WINDIR%\syswow64\ime\shared\mzwpstr8n xakmpl uncut .mpeg.exe
%WINDIR%\temp\8ok6yf bq4kno (jade).mpeg.exe
%WINDIR%\winsxs\installtemp\zc8giv9 wep6b08 beast hot (!) jxqgtp fw58kpr41ob1w (liz,jenna).mpeg.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial