Trojan.KillProc2.17779

Technical Information

Malicious functions

Executes the following

'<SYSTEM32>\net.exe' stop "SynTPEnhService"
'<SYSTEM32>\taskkill.exe' /f /im GoogleCrashHandler64.exe
'<SYSTEM32>\taskkill.exe' /f /im wenativehost.exe
'<SYSTEM32>\taskkill.exe' /f /im Video.UI.exe
'<SYSTEM32>\taskkill.exe' /f /im atieclxx.exe
'<SYSTEM32>\taskkill.exe' /f /im smartscreen.exe
'<SYSTEM32>\taskkill.exe' /f /im SearchIndexer.exe
'<SYSTEM32>\taskkill.exe' /f /im spoolsv.exe
'<SYSTEM32>\taskkill.exe' /f /im audiodg.exe
'<SYSTEM32>\taskkill.exe' /f /im TextInputHost.exe
'<SYSTEM32>\taskkill.exe' /f /im SearchApp.exe
'<SYSTEM32>\taskkill.exe' /f /im SecurityHealthSystray.exe
'<SYSTEM32>\taskkill.exe' /f /im SearchFilterHost.exe
'<SYSTEM32>\taskkill.exe' /f /im sync-taskbar.exe
'<SYSTEM32>\taskkill.exe' /f /im sync-worker.exe
'<SYSTEM32>\taskkill.exe' /f /im MEGAsync.exe
'<SYSTEM32>\taskkill.exe' /f /im YourPhone.exe
'<SYSTEM32>\taskkill.exe' /f /im Microsoft.Photos.exe
'<SYSTEM32>\taskkill.exe' /f /im SynTPEnh.exe
'<SYSTEM32>\taskkill.exe' /f /im SSynTPHelper.exe
'<SYSTEM32>\taskkill.exe' /f /im Icedrive.exe
'<SYSTEM32>\taskkill.exe' /f /im FileCoAuth.exe
'<SYSTEM32>\taskkill.exe' /f /im SynTPHelper.exe
'<SYSTEM32>\taskkill.exe' /f /im crashpad_handler.exe
'<SYSTEM32>\taskkill.exe' /f /im AcWebBrowser.exe
'<SYSTEM32>\taskkill.exe' /f /im AutodeskDesktopApp.exe
'<SYSTEM32>\taskkill.exe' /f /im mDNSResponder.exe
'<SYSTEM32>\taskkill.exe' /f /im ReflectUI.exe
'<SYSTEM32>\taskkill.exe' /f /im ReflectMonitor.exe
'<SYSTEM32>\taskkill.exe' /f /im MacriumService.exe
'<SYSTEM32>\taskkill.exe' /f /im Spotify.exe
'<SYSTEM32>\taskkill.exe' /f /im ABService.exe
'<SYSTEM32>\taskkill.exe' /f /im BingWallpaperApp.exe
'<SYSTEM32>\taskkill.exe' /f /im fdm.exe
'<SYSTEM32>\taskkill.exe' /f /im PanGPS.exe
'<SYSTEM32>\taskkill.exe' /f /im updatechecker.exe
'<SYSTEM32>\taskkill.exe' /f /im KiteService.exe
'<SYSTEM32>\taskkill.exe' /f /im kited.exe
'<SYSTEM32>\taskkill.exe' /f /im GoogleDriveFS.exe
'<SYSTEM32>\taskkill.exe' /f /im Box.Desktop.UpdateService.exe
'<SYSTEM32>\taskkill.exe' /f /im GenuineService.exe
'<SYSTEM32>\taskkill.exe' /f /im secd.exe
'<SYSTEM32>\taskkill.exe' /f /im AppleMobileDeviceProcess.exe
'<SYSTEM32>\taskkill.exe' /f /im iCloudServices.exe
'<SYSTEM32>\net.exe' stop "WSearch"
'<SYSTEM32>\net.exe' stop "MacriumService"
'<SYSTEM32>\net.exe' stop "Backupper Service"
'<SYSTEM32>\net.exe' stop "MapsBroker"
'<SYSTEM32>\net.exe' stop "BoxUpdateSvc"
'<SYSTEM32>\net.exe' stop "FlexNet Licensing Service"
'<SYSTEM32>\net.exe' stop "KiteService"
'<SYSTEM32>\net.exe' stop "chromoting"
'<SYSTEM32>\net.exe' stop "AMD External Events Utility"
'<SYSTEM32>\net.exe' stop "AMD Crash Defender Service"
'<SYSTEM32>\net.exe' stop "gupdate"
'<SYSTEM32>\net.exe' stop "edgeupdate"
'<SYSTEM32>\net.exe' stop "dbupdate"
'<SYSTEM32>\net.exe' stop "ClickToRunSvc"
'<SYSTEM32>\net.exe' stop "AdskLicensingService"
'<SYSTEM32>\net.exe' stop "AdAppMgrSvc"
'<SYSTEM32>\net.exe' stop "AdobeARMservice"
'<SYSTEM32>\net.exe' stop "UsoSvc"
'<SYSTEM32>\net.exe' stop "TabletInputService"
'<SYSTEM32>\net.exe' stop "Themes"
'<SYSTEM32>\net.exe' stop "lfsvc"
'<SYSTEM32>\taskkill.exe' /f /im iCloudDrive.exe
'<SYSTEM32>\taskkill.exe' /f /im APSDaemon.exe
'<SYSTEM32>\taskkill.exe' /f /im helperservice.exe
'<SYSTEM32>\taskkill.exe' /f /im OfficeClickToRun.exe
'<SYSTEM32>\taskkill.exe' /f /im BoxUI.exe
'<SYSTEM32>\taskkill.exe' /f /im streem.exe
'<SYSTEM32>\taskkill.exe' /f /im Box.exe
'<SYSTEM32>\taskkill.exe' /f /im RadeonSoftware.exe
'<SYSTEM32>\taskkill.exe' /f /im remoting_host.exe
'<SYSTEM32>\taskkill.exe' /f /im GoogleCrashHandler.exe
'<SYSTEM32>\taskkill.exe' /f /im QtWebEngineProcess.exe
'<SYSTEM32>\taskkill.exe' /f /im FNPLicensingService.exe
'<SYSTEM32>\taskkill.exe' /f /im jusched.exe
'<SYSTEM32>\taskkill.exe' /f /im AdskLicensingService.exe
'<SYSTEM32>\taskkill.exe' /f /im armsvc.exe
'<SYSTEM32>\taskkill.exe' /f /im vpnagent.exe
'<SYSTEM32>\taskkill.exe' /f /im AdAppMgrSvc.exe
'<SYSTEM32>\net.exe' stop "Bonjour Service"
'<SYSTEM32>\taskkill.exe' /f /im iCloudPhotos.exe
'<SYSTEM32>\taskkill.exe' /f /im lmgrd.exe

Terminates or attempts to terminate

the following system processes:

<SYSTEM32>\spoolsv.exe

Modifies file system

Creates the following files

%TEMP%\7ccd.tmp\7cce.tmp\7ccf.bat

Deletes the following files

%TEMP%\7ccd.tmp\7cce.tmp\7ccf.bat

Miscellaneous

Searches for the following windows

ClassName: '' WindowName: ''

Creates and executes the following

'<SYSTEM32>\cmd.exe' /c "%TEMP%\7CCD.tmp\7CCE.tmp\7CCF.bat <Full path to file>"' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c "%TEMP%\7CCD.tmp\7CCE.tmp\7CCF.bat <Full path to file>"
'<SYSTEM32>\net1.exe' stop "Themes"
'<SYSTEM32>\net1.exe' stop "TabletInputService"
'<SYSTEM32>\net1.exe' stop "UsoSvc"
'<SYSTEM32>\net1.exe' stop "WSearch"
'<SYSTEM32>\net1.exe' stop "MacriumService"
'<SYSTEM32>\net1.exe' stop "Backupper Service"
'<SYSTEM32>\net1.exe' stop "MapsBroker"
'<SYSTEM32>\net1.exe' stop "BoxUpdateSvc"
'<SYSTEM32>\net1.exe' stop "FlexNet Licensing Service"
'<SYSTEM32>\net1.exe' stop "KiteService"
'<SYSTEM32>\net1.exe' stop "chromoting"
'<SYSTEM32>\net1.exe' stop "AMD External Events Utility"
'<SYSTEM32>\net1.exe' stop "AMD Crash Defender Service"
'<SYSTEM32>\net1.exe' stop "gupdate"
'<SYSTEM32>\net1.exe' stop "edgeupdate"
'<SYSTEM32>\net1.exe' stop "dbupdate"
'<SYSTEM32>\net1.exe' stop "ClickToRunSvc"
'<SYSTEM32>\net1.exe' stop "AdskLicensingService"
'<SYSTEM32>\net1.exe' stop "AdAppMgrSvc"
'<SYSTEM32>\net1.exe' stop "AdobeARMservice"
'<SYSTEM32>\net1.exe' stop "SynTPEnhService"
'<SYSTEM32>\net1.exe' stop "lfsvc"
'<SYSTEM32>\net1.exe' stop "Bonjour Service"

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial