Trojan.KillProc2.25336

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\8ok6yf gay [bangbus] feet nmibe2 (karin,karin).mpg.exe
%ProgramFiles%\dvd maker\shared\8r3baiec bd1l5ir l9hwcs7vvnphd9 qx2j1b5 .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\7b6fhxi horse wep6b08 [bangbus] .mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\zc8giv9 xxx 7nd83wovj nom72kl ash qx2j1b5 .rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\eq7k2xcxt beast l9hwcs7vvnphd9 (y8oxsqa,hyo87il).rar.exe
%ProgramFiles%\microsoft office\templates\gzn4ud7e gay girls gh5b6gd7wrv (g6u8n4r).zip.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\0287zh bd1l5ir bq4kno legs rv0y8n .avi.exe
%ProgramFiles%\windows journal\templates\gay girls b37oavmx289 .rar.exe
%ProgramFiles%\windows sidebar\shared gadgets\black nom72kl horse [bangbus] 40+ (haj1oyikd,sonja).mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\z1qxwcd lpcu5ai3 sgu4m7oc sweet .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\xakmpl sperm ihthd33 hairy .mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\horse nom72kl uncut .zip.exe
%CommonProgramFiles(x86)%\microsoft shared\lpcu5ai3 w6csjja14n1 big .rar.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\s2fkave sperm apv53deiq9fw .mpg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\f1i7cm mzwpstr8n lpcu5ai3 ihthd33 (jade,dxocjwba).mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 horse big qx2j1b5 .rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\zc8giv9 horse tsomq34 [bangbus] wifey (sarah,sandy).mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\eq7k2xcxt mzwpstr8n beast girls legs 40+ .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\8ok6yf uncut glans sm .mpeg.exe
%ALLUSERSPROFILE%\templates\4h1e2a346 mzwpstr8n l9hwcs7vvnphd9 .mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\wpjwijv horse [bangbus] balls (gina,gina).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\4h1e2a346 horse xxx girls jxqgtp young (sonja).mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\jxaglwti 7nd83wovj nom72kl legs latex .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe lpcu5ai3 ddqayq big .zip.exe
%ALLUSERSPROFILE%\templates\z1qxwcd w6csjja14n1 7vepaqjm .mpeg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd xakmpl big boobs .zip.exe
C:\users\default\appdata\local\temp\f1i7cm w6csjja14n1 big (sarah).mpg.exe
C:\users\default\appdata\local\<INETFILES>\zc8giv9 nude ihthd33 (sonja,sandy).rar.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\h93bklf girls lzxyhb7k .zip.exe
C:\users\default\templates\asian bd1l5ir beast bq4kno boots .zip.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\gzn4ud7e tsomq34 [bangbus] feet fishy .mpeg.exe
%TEMP%\fac71w2 tsomq34 sperm vjq39c1gwy glans wifey (gina).mpeg.exe
%LOCALAPPDATA%\<INETFILES>\7nd83wovj uncut titts .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\fac71w2 porn 7vepaqjm sweet .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\black bq4kno (cy4xpd,c4w8hqa).mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\jxaglwti h93bklf uncut young .mpg.exe
%APPDATA%\microsoft\templates\fac71w2 horse hot (!) (jade,y8oxsqa).mpeg.exe
%APPDATA%\microsoft\windows\templates\upfgetx nom72kl tsomq34 hot (!) mg9fvb2xk9 (36mho73).zip.exe
%APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\mzwpstr8n big kfp2yqq b37oavmx289 (2hbt8wr).rar.exe
%APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\zc8giv9 gay l9hwcs7vvnphd9 legs .mpg.exe
%HOMEPATH%\templates\s2fkave xakmpl uncut .zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\s2fkave mzwpstr8n gay girls .zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\gzn4ud7e girls latex .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\7b6fhxi wep6b08 mzwpstr8n epyxwn .mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 w6csjja14n1 uncut sweet .rar.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\z9z7rwe mnho9y54 8ok6yf 7vepaqjm ash .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\eq7k2xcxt sperm mnho9y54 uncut nmibe2 .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\xakmpl cum apv53deiq9fw (jade,haj1oyikd).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\upfgetx h93bklf porn 7vepaqjm latex .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\z9z7rwe lpcu5ai3 horse hot (!) ae2sd7u4xh .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\viaz50 w6csjja14n1 uncut girly .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\mzwpstr8n bd1l5ir [milf] boobs .mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse nude girls boobs .rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\jxaglwti wep6b08 xakmpl uncut shoes (sonja,dehod0).mpg.exe
%WINDIR%\assembly\temp\asian wep6b08 gay sgu4m7oc .zip.exe
%WINDIR%\assembly\tmp\z1qxwcd 7nd83wovj uncut eigt45 .zip.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\upfgetx mzwpstr8n beast uncut hole .mpeg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\7b6fhxi horse [free] (liz,dehod0).avi.exe
%WINDIR%\pla\templates\7b6fhxi 8ok6yf bd1l5ir [milf] titts young .zip.exe
%WINDIR%\security\templates\ 7nd83wovj ihthd33 (sarah,dehod0).avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n horse [milf] (haj1oyikd,hyo87il).mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\gzn4ud7e xxx girls .zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe beast yzw1afy nom72kl .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\z1qxwcd 8ok6yf vjq39c1gwy qx2j1b5 (sonja).rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\4h1e2a346 h93bklf yzw1afy vjq39c1gwy (karin,36mho73).zip.exe
%WINDIR%\syswow64\config\systemprofile\8ok6yf mzwpstr8n apv53deiq9fw cock .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\xxx 8ok6yf uncut .zip.exe
%WINDIR%\syswow64\fxstmp\xakmpl horse uncut boobs ash .mpg.exe
%WINDIR%\syswow64\ime\shared\viaz50 h93bklf ddqayq uncut qq6w54yfhtqrbwcslg .rar.exe
%WINDIR%\syswow64\config\systemprofile\wep6b08 bq4kno lady .mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\zc8giv9 nude epyxwn .mpeg.exe
%WINDIR%\syswow64\fxstmp\eq7k2xcxt ddqayq bd1l5ir big boots (jenna,dehod0).avi.exe
%WINDIR%\syswow64\ime\shared\z1qxwcd tsomq34 ihthd33 kfp2yqq .zip.exe
%WINDIR%\temp\horse [milf] gh5b6gd7wrv .avi.exe
%WINDIR%\winsxs\installtemp\black nom72kl [free] .mpeg.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial