Trojan.KillProc2.28668

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\eq7k2xcxt mzwpstr8n uncut boobs qx2j1b5 .rar.exe
%ProgramFiles%\dvd maker\shared\gay mnho9y54 vjq39c1gwy legs qq6w54yfhtqrbwcslg (36mho73).mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\f07qtt mzwpstr8n sperm [milf] .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\h93bklf bq4kno qq6w54yfhtqrbwcslg .avi.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\w6csjja14n1 [milf] (dehod0).rar.exe
%ProgramFiles%\microsoft office\templates\0287zh lpcu5ai3 ihthd33 fishy (y8oxsqa).mpg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\horse girls .avi.exe
%ProgramFiles%\windows journal\templates\0287zh horse big .zip.exe
%ProgramFiles%\windows sidebar\shared gadgets\eq7k2xcxt cum [bangbus] .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\4h1e2a346 cum uncut mg9fvb2xk9 .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\asian w6csjja14n1 yzw1afy uncut .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\mnho9y54 yzw1afy 7vepaqjm (sandy,dxocjwba).zip.exe
%CommonProgramFiles(x86)%\microsoft shared\viaz50 mzwpstr8n 8ok6yf ihthd33 .zip.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\eq7k2xcxt sperm sperm hot (!) glans (dehod0).rar.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\upfgetx nom72kl horse ihthd33 zmc8ujp (y8oxsqa).zip.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\z9z7rwe mnho9y54 girls shoes .zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\nude w6csjja14n1 uncut .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\horse [milf] qq6w54yfhtqrbwcslg .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\7nd83wovj [milf] 50+ (sonja,liz).avi.exe
%ALLUSERSPROFILE%\templates\7b6fhxi nom72kl l9hwcs7vvnphd9 mg9fvb2xk9 (liz,haj1oyikd).zip.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm xxx big .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe mzwpstr8n [milf] 40+ .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\viaz50 xxx w6csjja14n1 uncut legs 6tl9zg0uqa .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\beast mnho9y54 l9hwcs7vvnphd9 jxqgtp zn3tvn .mpg.exe
%ALLUSERSPROFILE%\templates\nom72kl mnho9y54 apv53deiq9fw gh5b6gd7wrv .mpg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\wep6b08 ihthd33 .mpeg.exe
C:\users\default\appdata\local\temp\cum bd1l5ir girls .zip.exe
C:\users\default\appdata\local\<INETFILES>\4h1e2a346 bd1l5ir uncut lady .avi.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\f07qtt beast ihthd33 hairy .rar.exe
C:\users\default\templates\eq7k2xcxt uncut mg9fvb2xk9 .avi.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\wpjwijv gay 7nd83wovj [milf] 779mipj .mpeg.exe
%TEMP%\porn ihthd33 eigt45 .zip.exe
%LOCALAPPDATA%\<INETFILES>\mzwpstr8n l9hwcs7vvnphd9 (36mho73,y8oxsqa).rar.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\4h1e2a346 horse epyxwn .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\z1qxwcd w6csjja14n1 sgu4m7oc wifey .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\beast uncut .zip.exe
%APPDATA%\microsoft\templates\asian bd1l5ir uncut feet js80j73 .zip.exe
%APPDATA%\microsoft\windows\templates\ikdyfwhy horse nom72kl vjq39c1gwy .mpeg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\8r3baiec 8ok6yf [milf] glans gh5b6gd7wrv .zip.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\gzn4ud7e beast xxx [free] .mpeg.exe
%HOMEPATH%\templates\horse horse hot (!) glans fishy (y8oxsqa).mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\f07qtt wep6b08 ddqayq [milf] zn3tvn (karin).avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\0287zh nom72kl epyxwn lady (jenna).zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\z9z7rwe wep6b08 apv53deiq9fw qx2j1b5 (2hbt8wr,36mho73).avi.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\viaz50 beast nom72kl l9hwcs7vvnphd9 qx2j1b5 (36mho73).mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\beast beast epyxwn feet nmibe2 .mpg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\viaz50 7nd83wovj hot (!) fw58kpr41ob1w (rdl1tfkz).zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\upfgetx wep6b08 apv53deiq9fw .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\z1qxwcd yzw1afy xxx l9hwcs7vvnphd9 ash (2hbt8wr,dxocjwba).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\nude epyxwn .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\xxx nom72kl feet latex .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f1i7cm vjq39c1gwy nrb42wq (jenna,gina).mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\8r3baiec tsomq34 mnho9y54 [milf] .zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\wep6b08 horse bq4kno .mpeg.exe
%WINDIR%\assembly\temp\z9z7rwe ddqayq 7nd83wovj [bangbus] titts girly (dehod0).mpg.exe
%WINDIR%\assembly\tmp\gay mnho9y54 ihthd33 glans js80j73 .rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\7b6fhxi beast w6csjja14n1 vjq39c1gwy .mpeg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\7nd83wovj ddqayq uncut lzxyhb7k (dehod0).mpeg.exe
%WINDIR%\pla\templates\f1i7cm mzwpstr8n mzwpstr8n [milf] feet .zip.exe
%WINDIR%\security\templates\gzn4ud7e wep6b08 hot (!) (haj1oyikd,y8oxsqa).mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\bd1l5ir porn hot (!) .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\viaz50 sperm [bangbus] qx2j1b5 .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\porn girls ash .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe lpcu5ai3 nude girls jxqgtp .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\lpcu5ai3 girls .avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\4h1e2a346 ddqayq 8ok6yf big .avi.exe
%WINDIR%\syswow64\config\systemprofile\z1qxwcd lpcu5ai3 mzwpstr8n nom72kl zn3tvn .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 [milf] shoes (c4w8hqa).mpg.exe
%WINDIR%\syswow64\fxstmp\xakmpl apv53deiq9fw lady .mpg.exe
%WINDIR%\syswow64\ime\shared\ l9hwcs7vvnphd9 fw58kpr41ob1w .mpg.exe
%WINDIR%\syswow64\config\systemprofile\bd1l5ir bq4kno sgoibhh (sarah).zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\gzn4ud7e beast yzw1afy ihthd33 .avi.exe
%WINDIR%\syswow64\fxstmp\zc8giv9 nude mnho9y54 hot (!) glans nmibe2 .mpeg.exe
%WINDIR%\temp\beast big .rar.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial